{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T20:01:30.089","vulnerabilities":[{"cve":{"id":"CVE-2020-8923","sourceIdentifier":"cve-coordination@google.com","published":"2020-03-26T12:15:12.217","lastModified":"2024-11-21T05:39:41.267","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript (XSS). Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements."},{"lang":"es","value":"Un saneamiento HTML inapropiado en Dart versiones hasta 2.7.1 y las versiones dev 2.8.0-dev.16.0, permite a un atacante aprovechar las técnicas DOM Clobbering para omitir el saneamiento e inyectar html/javascript personalizado (XSS). Mitigación: actualizar su Dart SDK a versión 2.7.2 y a versión 2.8.0-dev.17.0 para la versión de desarrollo. Si no puede actualizar, le recomendamos que revise la manera en que usa las API afectadas y preste especial atención a los casos en los que los datos provistos por el usuario son utilizados para completar los nodos DOM. Considere usar Element.innerText o Node.text para llenar los elementos DOM."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.2","matchCriteriaId":"245EA6E1-858A-4EE0-8783-D6FC91C304F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev0.0:*:*:*:*:*:*","matchCriteriaId":"6C378984-C1E4-4541-AF8F-F00950C27297"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev1.0:*:*:*:*:*:*","matchCriteriaId":"B7D246F3-B3A0-497A-8C5F-5ADC9735D3D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev10.0:*:*:*:*:*:*","matchCriteriaId":"932257F3-0AC1-4181-A6E2-F05AA5458F0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev11.0:*:*:*:*:*:*","matchCriteriaId":"3604B788-12F5-4464-9264-D480A1CFEB4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev12.0:*:*:*:*:*:*","matchCriteriaId":"5DCBC478-7046-44DF-ADF0-03D45E1A5C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev13.0:*:*:*:*:*:*","matchCriteriaId":"85F43007-8E34-4B52-9D9D-4EBDF0C99BD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev14.0:*:*:*:*:*:*","matchCriteriaId":"E37CB132-888D-4D20-871D-50BC29FF497C"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev15.0:*:*:*:*:*:*","matchCriteriaId":"CDAAE2E2-2BD9-41B8-903B-FA113B3074F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev16.0:*:*:*:*:*:*","matchCriteriaId":"0163439B-633A-475D-B7C3-56EBEDFA1A60"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev2.0:*:*:*:*:*:*","matchCriteriaId":"33E498C7-7A01-4F27-ADED-679ADC702DA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev3.0:*:*:*:*:*:*","matchCriteriaId":"0E2FE06D-3A1F-4051-865F-29DDD4CC4ADB"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev4.0:*:*:*:*:*:*","matchCriteriaId":"BB27262C-0156-47AE-B9EF-CFA1748AF9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev5.0:*:*:*:*:*:*","matchCriteriaId":"24BCF25D-D5F5-49A1-9209-3C2F88A10516"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev6.0:*:*:*:*:*:*","matchCriteriaId":"2417EDC0-751B-4DE9-A61B-885175855D58"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev7.0:*:*:*:*:*:*","matchCriteriaId":"DE211D61-1029-4987-8B1C-C1791FEF53D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev8.0:*:*:*:*:*:*","matchCriteriaId":"B7066A39-DD04-47EB-9F67-DC4A7285B864"},{"vulnerable":true,"criteria":"cpe:2.3:a:dart:dart_software_development_kit:2.8.0:dev9.0:*:*:*:*:*:*","matchCriteriaId":"71C09C17-1558-401E-AA73-F4B1C2BAD816"}]}]}],"references":[{"url":"https://github.com/dart-lang/sdk/security/advisories/GHSA-hfq3-v9pv-p627","source":"cve-coordination@google.com","tags":["Third Party Advisory"]},{"url":"https://github.com/dart-lang/sdk/security/advisories/GHSA-hfq3-v9pv-p627","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}