Approved changes feed: RSS · Atom

cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev5.0:*:*:*:*:*:*

part: a version: 2.8.0 update: dev5.0

VendorDart (b61cf075-66fe-5a87-b69f-f3877bd91330)
ProductDart Software Development Kit (1596cd6d-511f-529f-93a6-a5a9f01eacd5)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/dart-lang/sdk purl2cpe 2026-06-01 10:15:12.534081

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2020-8923 vulnerable 2026-06-08 05:27:19.971893 XSS in Dart
MEDIUM (5.4)
An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.
Published: 2020-03-26T11:31:55.000Z
Updated: 2024-08-04T10:12:10.987Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.