CVE-2017-16008

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-16008

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16008.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-16008

Aliases

GHSA-f89g-whpf-6q9m

Published

2018-06-04T19:29:00Z

Modified

2025-07-29T07:43:00.996825Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2.

References

Affected packages

Git / github.com/i18next/i18next

Affected ranges

Type: GIT
Repo: https://github.com/i18next/i18next
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

557980e1b831117ab1c6f61ef951657d430e2022

Affected versions

1.*

1.10.0

1.10.1

1.10.2

1.6.0

1.6.1

1.6.2

1.6.3

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.7

1.8.0

1.8.2

1.9.0