CVE-2021-22540

MEDIUM

Dart SDK < 2.12.3 - Cross-Site Scripting via DOM Clobbering

Title source: llm
STIX 2.1

Description

Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.

References (2)

Core 2

Scores

CVSS v3 6.1
EPSS 0.0068
EPSS Percentile 48.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
dart/dart_software_development_kit < 2.12.3
Published Apr 22, 2021
Tracked Since Feb 18, 2026