CVE-2017-16010

EPSS 1.0%CWE-79

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

29 May 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.

Affected products

HackerOne · i18next node module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/i18next/i18next/pull/826 https://nodesecurity.io/advisories/326