Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

CVE
CVEadded yesterday11 views

CVE-2026-44311

CVE-2026-44311 (Fabric.js) describes an XSS in which the color value in colorStops of a fabric.Gradient is not properly escaped when serializing to SVG via toSVG(), allowing injected HTML/SVG to be executed if the SVG is rendered into the DOM. Documents confirm the issue affects Fabric.js prior t...

5.4CVSS6AI score0.00033EPSS
Exploits0References2
OSV
OSVadded 2026/06/12 9:0 p.m.7 views

GHSA-W22M-HVVM-XMWX Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

Summary A potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a fabric.Gradient object is not properly escaped when...

5.4CVSS5.9AI score0.00033EPSS
Exploits0References3
Patchstack
Patchstackadded 2026/06/12 9:0 p.m.2 views

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization vulnerability discovered by ? in WordPress Npm fabric versions 7.4.0...

5.4CVSS5.8AI score0.00033EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder