Lucene search
K

4 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-44311

Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a...

6.1CVSS0.00194EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 8:50 p.m.22 views

CVE-2026-44311

CVE-2026-44311 (Fabric.js) describes an XSS in which the color value in colorStops of a fabric.Gradient is not properly escaped when serializing to SVG via toSVG(), allowing injected HTML/SVG to be executed if the SVG is rendered into the DOM. Documents confirm the issue affects Fabric.js prior t...

6.1CVSS6AI score0.00194EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2026/06/12 9:0 p.m.6 views

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization vulnerability discovered by ? in WordPress Npm fabric versions 7.4.0...

5.4CVSS5.8AI score0.00194EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/12 9:0 p.m.11 views

GHSA-W22M-HVVM-XMWX Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

Summary A potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a fabric.Gradient object is not properly escaped when...

5.4CVSS5.9AI score0.00194EPSS
Exploits1References3
Rows per page
Query Builder