Security Advisory

CVE-2026-8656

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-16 05:00:04

Last updated 2026-05-18 13:00:56

Assigner snyk

State PUBLISHED

Description

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS.

← Browse all CVEs View on cve.org ↗