Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-8656
PUBLISHED
More InfoOfficial Page
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
View Known Exploited Vulnerability (KEV) details
Published At-16 May, 2026 | 05:00
Updated At-16 May, 2026 | 05:00
Rejected At-
▼CVE Numbering Authority (CNA)

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS.

Affected Products
Vendor
n/a
Product
jsondiffpatch
Versions
Affected
  • From 0 before 0.7.6 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACross-site Scripting (XSS)
Type: N/A
CWE ID: N/A
Description: Cross-site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Yuki Matsuhashi
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-16635946
N/A
https://gist.github.com/yuki-matsuhashi/72ed072d919f3c52adba298faa6a7da5
N/A
https://github.com/benjamine/jsondiffpatch/commit/232338b34c4653148ca2f44e897a765b72c8c98f
N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-16635946
Resource: N/A
Hyperlink: https://gist.github.com/yuki-matsuhashi/72ed072d919f3c52adba298faa6a7da5
Resource: N/A
Hyperlink: https://github.com/benjamine/jsondiffpatch/commit/232338b34c4653148ca2f44e897a765b72c8c98f
Resource: N/A
Details not found