11 matches found
CVE-2026-27013
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
CVE-2026-27013
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
CVE-2026-27013 Fabric.js Affected by Stored XSS via SVG Export
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
CVE-2026-27013
Fabric.js prior to 7.2.0 is vulnerable to stored XSS when user-supplied JSON is loaded via loadFromJSON() and later exported to SVG with toSVG(). The issue arises because several SVG attributes (notably id on wrappers and xlink:href values for images and patterns) interpolate user-controlled str...
PT-2026-20907
Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...
Fabric.js 安全漏洞
Fabric.js is an open-source JavaScript library developed by Fabric.js. Versions of Fabric.js prior to 7.2.0 contained a security vulnerability. This vulnerability stemmed from improper escaping of user-controlled string values during SVG export, which could lead to storage-based cross-site...
Cross-site Scripting (XSS)
Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the loadFromJSON function, which is used in the FabricObjectSVGExportMixin class to...
Fabric.js Affected by Stored XSS via SVG Export
fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When attacker-controlled JSON is loaded via loadFromJSON and later exported via...
GHSA-HFVX-25R5-QC3W Fabric.js Affected by Stored XSS via SVG Export
fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When attacker-controlled JSON is loaded via loadFromJSON and later exported via...