← Back

I18next

i18next

Vendor: I18next • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1I18next
1I18next
Nov 21, 2024
Jun 4, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to...Show more
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.Show less
1I18next
1I18next
Nov 21, 2024
May 29, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-si...Show more
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.Show less