Lucene search
+L

15 matches found

snyk
snyk
added 2026/06/12 9:0 p.m.9 views

Improper Encoding or Escaping of Output

Overview fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object, and text SVG...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
snyk
snyk
added 2026/06/12 9:0 p.m.9 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
github
github
added 2026/06/12 9:0 p.m.18 views

Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

Summary A potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a fabric.Gradient object is not properly escaped when...

6.1CVSS5.8AI score0.00194EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.33 views

PT-2026-49055

Name of the Vulnerable Software and Affected Versions Fabric.js versions prior to 7.4.0 Description Improper escaping of user-controlled input during SVG serialization via the toSVG method can lead to Cross-Site Scripting XSS. Specifically, the color field within the colorStops array of a...

6.1CVSS6AI score0.00194EPSS
Exploits1References8
redhatcve
redhatcve
added 2026/02/20 7:39 p.m.9 views

CVE-2026-27013

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS6AI score0.00281EPSS
Exploits1References1
nvd
nvd
added 2026/02/19 8:25 p.m.14 views

CVE-2026-27013

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS0.00281EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/02/19 7:38 p.m.5 views

CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS6AI score0.00281EPSS
Exploits1References3
cvelist
cvelist
added 2026/02/19 7:38 p.m.98 views

CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS0.00281EPSS
Exploits1References3
cve
cve
added 2026/02/19 7:38 p.m.36 views

CVE-2026-27013

Fabric.js prior to 7.2.0 is vulnerable to stored XSS when user-supplied JSON is loaded via loadFromJSON() and later exported to SVG with toSVG(). The issue arises because several SVG attributes (notably id on wrappers and xlink:href values for images and patterns) interpolate user-controlled str...

7.6CVSS6AI score0.00281EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/02/19 7:38 p.m.10 views

CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS5.9AI score0.00281EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/02/19 12:0 a.m.11 views

PT-2026-20907

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS6AI score0.00281EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/02/19 12:0 a.m.9 views

Fabric.js 安全漏洞

Fabric.js is an open-source JavaScript library developed by Fabric.js. Versions of Fabric.js prior to 7.2.0 contained a security vulnerability. This vulnerability stemmed from improper escaping of user-controlled string values during SVG export, which could lead to storage-based cross-site...

7.6CVSS5.6AI score0.00281EPSS
Exploits1References3
osv
osv
added 2026/02/18 10:44 p.m.7 views

GHSA-HFVX-25R5-QC3W Fabric.js Affected by Stored XSS via SVG Export

fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When attacker-controlled JSON is loaded via loadFromJSON and later exported via...

7.6CVSS6AI score0.00281EPSS
Exploits1References5
snyk
snyk
added 2026/02/18 10:44 p.m.7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the loadFromJSON function, which is used in the FabricObjectSVGExportMixin class to...

7.6CVSS5.3AI score0.00281EPSS
Exploits1References2
github
github
added 2026/02/18 10:44 p.m.21 views

Fabric.js Affected by Stored XSS via SVG Export

fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When attacker-controlled JSON is loaded via loadFromJSON and later exported via...

7.6CVSS6AI score0.00281EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder