CVE-2021-22540

Source
https://cve.org/CVERecord?id=CVE-2021-22540
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22540.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22540
Related
  • GHSA-3rfv-4jvg-9522
Published
2021-04-22T15:15:07.930Z
Modified
2026-04-12T01:02:14.129581Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Bad validation logic in Dart SDK versions prior to 2.12.3 allows an attacker to carry out an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

References

Affected packages

Git / github.com/dart-lang/sdk

Affected ranges

Type
GIT
Repo
https://github.com/dart-lang/sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.12.3"
        }
    ]
}

Affected versions

1.*
1.11.0
1.11.0-dev.2.0
1.11.0-dev.3.0
1.11.0-dev.4.0
1.11.0-dev.5.0
1.11.0-dev.5.1
1.11.0-dev.5.2
1.11.0-dev.5.3
1.11.0-dev.5.4
1.11.0-dev.5.5
1.11.0-dev.5.6
1.11.0-dev.5.7
1.11.1
1.11.2
1.11.3
1.12.0
1.12.1
1.12.2
1.13.0
1.13.1
1.13.2
1.14.0
1.14.1
1.14.2
1.15.0
1.16.0
1.16.1
1.17.0
1.17.1
1.18.0
1.18.1
1.19.0
1.19.1
1.20.0
1.20.1
1.21.0
1.21.1
1.22.0
1.22.1
1.23.0
1.24.0
1.24.1
1.24.2
1.24.3
2.*
2.0.0
2.1.0
2.1.1
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.12.0
2.12.1
2.12.2
2.2.0
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.5.0
2.5.1
2.5.2
2.6.0
2.6.1
2.7.0
2.7.1
2.7.2
2.8.1
2.8.2
2.8.3
2.8.4
2.9.0
2.9.1
2.9.2
2.9.3
analyzer-0.*
analyzer-0.31.0
analyzer-0.31.0+1
analyzer-0.31.1
analyzer-0.31.2-alpha.0
analyzer-0.31.2-alpha.1
analyzer-0.31.2-alpha.2
analyzer-0.32.0
analyzer-0.32.4
analyzer-0.33.0
Other
merge_analyzer_branch
meta-v1.*
meta-v1.3.0-nullsafety.1
meta-v1.3.0-nullsafety.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22540.json"