{"id":"CVE-2020-8923","details":"Improper HTML sanitization in Dart versions up to and including 2.7.1, and in dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM clobbering techniques to bypass the sanitization and inject custom HTML/JavaScript (XSS). Mitigation: update your Dart SDK to 2.7.2, or to 2.8.0-dev.17.0 for the dev version. If you cannot update, we recommend you review the way you use the affected APIs, and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text, which set the content as plain text rather than parsing it as HTML, to populate DOM elements.","modified":"2026-01-30T01:42:23.920564Z","published":"2020-03-26T12:15:12.217Z","related":["GHSA-hfq3-v9pv-p627"],"references":[{"type":"ADVISORY","url":"https://github.com/dart-lang/sdk/security/advisories/GHSA-hfq3-v9pv-p627"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dart-lang/sdk","events":[{"introduced":"0"},{"fixed":"1c9356d8990a2a8c90c66097e20cb2f22e5cc267"}]}],"versions":["1.11.0","1.11.0-dev.2.0","1.11.0-dev.3.0","1.11.0-dev.4.0","1.11.0-dev.5.0","1.11.0-dev.5.1","1.11.0-dev.5.2","1.11.0-dev.5.3","1.11.0-dev.5.4","1.11.0-dev.5.5","1.11.0-dev.5.6","1.11.0-dev.5.7","1.11.1","1.11.2","1.11.3","1.12.0","1.12.0-dev.0.0","1.12.0-dev.1.0","1.12.0-dev.1.1","1.12.0-dev.2.0","1.12.0-dev.2.1","1.12.0-dev.2.2","1.12.0-dev.3.0","1.12.0-dev.3.1","1.12.0-dev.4.0","1.12.0-dev.5.0","1.12.0-dev.5.1","1.12.0-dev.5.10","1.12.0-dev.5.2","1.12.0-dev.5.3","1.12.0-dev.5.5","1.12.0-dev.5.6","1.12.0-dev.5.7","1.12.0-dev.5.8","1.12.0-dev.5.9","1.12.1","1.12.2","1.13.0","1.13.0-dev.0.0","1.13.0-dev.1.0","1.13.0-dev.2.0","1.13.0-dev.3.0","1.13.0-dev.3.1","1.13.0-dev.4.0","1.13.0-dev.5.0","1.13.0-dev.6.0","1.13.0-dev.7.0","1.13.0-dev.7.1","1.13.0-dev.7.10","1.13.0-dev.7.11","1.13.0-dev.7.12","1.13.0-dev.7.2","1.13.0-dev.7.3","1.13.0-dev.7.4","1.13.0-dev.7.5","1.13.0-dev.7.6","1.13.0-dev.7.7","1.13.0-dev.7.8","1.13.0-dev.7.9","1.13.1","1.13.2","1.14.0","1.14.0-dev.0.0","1.14.0-dev.1.0","
1.14.0-dev.2.0","1.14.0-dev.3.0","1.14.0-dev.4.0","1.14.0-dev.5.0","1.14.0-dev.6.0","1.14.0-dev.7.0","1.14.0-dev.7.1","1.14.0-dev.7.2","1.14.1","1.14.2","1.15.0","1.15.0-dev.0.0","1.15.0-dev.1.0","1.15.0-dev.2.0","1.15.0-dev.3.0","1.15.0-dev.4.0","1.15.0-dev.5.0","1.15.0-dev.5.1","1.16.0","1.16.0-dev.0.0","1.16.0-dev.1.0","1.16.0-dev.2.0","1.16.0-dev.3.0","1.16.0-dev.4.0","1.16.0-dev.5.0","1.16.0-dev.5.1","1.16.0-dev.5.2","1.16.0-dev.5.3","1.16.0-dev.5.4","1.16.0-dev.5.5","1.16.1","1.17.0","1.17.0-dev.0.0","1.17.0-dev.1.0","1.17.0-dev.2.0","1.17.0-dev.3.0","1.17.0-dev.4.0","1.17.0-dev.4.1","1.17.0-dev.5.0","1.17.0-dev.6.0","1.17.0-dev.6.1","1.17.0-dev.6.2","1.17.0-dev.6.3","1.17.0-dev.6.4","1.17.1","1.18.0","1.18.0-dev.0.0","1.18.0-dev.1.0","1.18.0-dev.2.0","1.18.0-dev.3.0","1.18.0-dev.4.0","1.18.0-dev.4.1","1.18.0-dev.4.2","1.18.0-dev.4.3","1.18.0-dev.4.4","1.18.1","1.19.0","1.19.0-dev.0.0","1.19.0-dev.1.0","1.19.0-dev.2.0","1.19.0-dev.2.1","1.19.0-dev.2.2","1.19.0-dev.2.3","1.19.0-dev.3.0","1.19.0-dev.4.0","1.19.0-dev.5.0","1.19.0-dev.6.0","1.19.0-dev.6.1","1.19.0-dev.7.0","1.19.0-dev.7.1","1.19.0-dev.7.2","1.19.0-dev.7.3","1.19.1","1.20.0","1.20.0-dev.0.0","1.20.0-dev.1.0","1.20.0-dev.10.0","1.20.0-dev.10.1","1.20.0-dev.10.2","1.20.0-dev.10.3","1.20.0-dev.2.0","1.20.0-dev.3.0","1.20.0-dev.4.0","1.20.0-dev.5.0","1.20.0-dev.6.0","1.20.0-dev.7.0","1.20.0-dev.8.0","1.20.0-dev.9.0","1.20.1","1.21.0","1.21.0-dev.0.0","1.21.0-dev.1.0","1.21.0-dev.10.0","1.21.0-dev.11.0","1.21.0-dev.11.1","1.21.0-dev.11.2","1.21.0-dev.11.3","1.21.0-dev.2.0","1.21.0-dev.3.0","1.21.0-dev.4.0","1.21.0-dev.5.0","1.21.0-dev.6.0","1.21.0-dev.7.0","1.21.0-dev.8.0","1.21.0-dev.9.0","1.21.1","1.22.0","1.22.0-dev.0.0","1.22.0-dev.1.0","1.22.0-dev.10.0","1.22.0-dev.10.1","1.22.0-dev.10.2","1.22.0-dev.10.3","1.22.0-dev.10.4","1.22.0-dev.10.5","1.22.0-dev.10.6","1.22.0-dev.10.7","1.22.0-dev.2.0","1.22.0-dev.3.0","1.22.0-dev.4.0","1.22.0-dev.5.0","1.22.0-dev.6.0","1.22.0-dev.7.0","1.22.0-dev.8.0","1.2
2.0-dev.9.0","1.22.0-dev.9.1","1.22.1","1.23.0","1.23.0-dev.0.0","1.23.0-dev.1.0","1.23.0-dev.10.0","1.23.0-dev.11.0","1.23.0-dev.11.1","1.23.0-dev.11.10","1.23.0-dev.11.11","1.23.0-dev.11.2","1.23.0-dev.11.3","1.23.0-dev.11.4","1.23.0-dev.11.5","1.23.0-dev.11.6","1.23.0-dev.11.7","1.23.0-dev.11.8","1.23.0-dev.2.0","1.23.0-dev.3.0","1.23.0-dev.4.0","1.23.0-dev.5.0","1.23.0-dev.6.0","1.23.0-dev.7.0","1.23.0-dev.8.0","1.23.0-dev.9.0","1.23.0-dev.9.1","1.23.0-dev.9.2","1.24.0","1.24.0-dev.0.0","1.24.0-dev.1.0","1.24.0-dev.2.0","1.24.0-dev.3.0","1.24.0-dev.4.0","1.24.0-dev.4.1","1.24.0-dev.4.2","1.24.0-dev.5.0","1.24.0-dev.6.0","1.24.0-dev.6.1","1.24.0-dev.6.2","1.24.0-dev.6.4","1.24.0-dev.6.5","1.24.0-dev.6.6","1.24.0-dev.6.7","1.24.0-dev.6.8","1.24.0-dev.6.9","1.24.1","1.24.2","1.24.3","1.25.0-dev.0.0","1.25.0-dev.1.0","1.25.0-dev.10.0","1.25.0-dev.11.0","1.25.0-dev.12.0","1.25.0-dev.13.0","1.25.0-dev.14.0","1.25.0-dev.15.0","1.25.0-dev.16.0","1.25.0-dev.16.1","1.25.0-dev.16.2","1.25.0-dev.16.3","1.25.0-dev.16.4","1.25.0-dev.2.0","1.25.0-dev.2.1","1.25.0-dev.3.0","1.25.0-dev.4.0","1.25.0-dev.5.0","1.25.0-dev.6.0","1.25.0-dev.7.0","1.25.0-dev.8.0","1.25.0-dev.9.0","2.0.0","2.0.0-dev.0.0","2.0.0-dev.0.1","2.0.0-dev.1.0","2.0.0-dev.10.0","2.0.0-dev.11.0","2.0.0-dev.12.0","2.0.0-dev.13.0","2.0.0-dev.14.0","2.0.0-dev.15.0","2.0.0-dev.16.0","2.0.0-dev.17.0","2.0.0-dev.18.0","2.0.0-dev.19.0","2.0.0-dev.2.0","2.0.0-dev.20.0","2.0.0-dev.21.0","2.0.0-dev.22.0","2.0.0-dev.23.0","2.0.0-dev.24.0","2.0.0-dev.25.0","2.0.0-dev.26.0","2.0.0-dev.27.0","2.0.0-dev.28.0","2.0.0-dev.29.0","2.0.0-dev.3.0","2.0.0-dev.30.0","2.0.0-dev.31.0","2.0.0-dev.32.0","2.0.0-dev.33.0","2.0.0-dev.34.0","2.0.0-dev.35","2.0.0-dev.36.0","2.0.0-dev.37.0","2.0.0-dev.38.0","2.0.0-dev.39.0","2.0.0-dev.4.0","2.0.0-dev.40.0","2.0.0-dev.41.0","2.0.0-dev.42.0","2.0.0-dev.43.0","2.0.0-dev.44.0","2.0.0-dev.45.0","2.0.0-dev.46.0","2.0.0-dev.47.0","2.0.0-dev.48.0","2.0.0-dev.49.0","2.0.0-dev.5.0","2.0.0-dev.50.0","2.0.
0-dev.51.0","2.0.0-dev.52.0","2.0.0-dev.53.0","2.0.0-dev.54.0","2.0.0-dev.55.0","2.0.0-dev.56.0","2.0.0-dev.57.0","2.0.0-dev.58.0","2.0.0-dev.59.0","2.0.0-dev.6.0","2.0.0-dev.60.0","2.0.0-dev.61.0","2.0.0-dev.62.0","2.0.0-dev.63.0","2.0.0-dev.64.0","2.0.0-dev.64.1","2.0.0-dev.65.0","2.0.0-dev.66.0","2.0.0-dev.67.0","2.0.0-dev.68.0","2.0.0-dev.69.0","2.0.0-dev.69.1","2.0.0-dev.69.2","2.0.0-dev.69.3","2.0.0-dev.69.4","2.0.0-dev.69.5","2.0.0-dev.7.0","2.0.0-dev.8.0","2.0.0-dev.9.0","2.1.0","2.1.0-dev.0.0","2.1.0-dev.1.0","2.1.0-dev.2.0","2.1.0-dev.3.0","2.1.0-dev.3.1","2.1.0-dev.4.0","2.1.0-dev.5.0","2.1.0-dev.6.0","2.1.0-dev.7.0","2.1.0-dev.7.1","2.1.0-dev.8.0","2.1.0-dev.9.0","2.1.0-dev.9.1","2.1.0-dev.9.2","2.1.0-dev.9.3","2.1.0-dev.9.4","2.1.1","2.1.1-dev.0.0","2.1.1-dev.0.1","2.1.1-dev.1.0","2.1.1-dev.2.0","2.1.1-dev.3.0","2.1.1-dev.3.1","2.1.1-dev.3.2","2.1.2-dev.0.0","2.2.0","2.2.0-dev.0.0","2.2.0-dev.1.0","2.2.0-dev.1.1","2.2.0-dev.2.0","2.2.0-dev.2.1","2.2.1-dev.0.0","2.2.1-dev.1.0","2.2.1-dev.1.1","2.2.1-dev.2.0","2.2.1-dev.2.1","2.2.1-dev.3.0","2.2.1-dev.3.1","2.2.1-dev.4.0","2.2.1-dev.4.1","2.2.1-dev.4.2","2.3.0","2.3.0-dev.0.0","2.3.0-dev.0.1","2.3.0-dev.0.2","2.3.0-dev.0.3","2.3.0-dev.0.4","2.3.0-dev.0.5","2.3.1","2.3.1-dev.0.0","2.3.2","2.3.2-dev.0.0","2.3.2-dev.0.1","2.3.3-dev.0.0","2.4.0","2.4.0-dev.0.0","2.4.0-dev.0.1","2.4.1","2.5.0","2.5.0-dev.0.0","2.5.0-dev.1.0","2.5.0-dev.2.0","2.5.0-dev.2.1","2.5.0-dev.3.0","2.5.0-dev.4.0","2.5.1","2.5.2","2.6.0","2.6.0-dev.0.0","2.6.0-dev.1.0","2.6.0-dev.2.0","2.6.0-dev.3.0","2.6.0-dev.4.0","2.6.0-dev.5.0","2.6.0-dev.6.0","2.6.0-dev.7.0","2.6.0-dev.8.0","2.6.0-dev.8.1","2.6.0-dev.8.2","2.6.1","2.7.0","2.7.0-dev.0.0","2.7.0-dev.1.0","2.7.0-dev.2.0","2.7.0-dev.2.1","2.7.1","analyzer-0.31.0","analyzer-0.31.0+1","analyzer-0.31.1","analyzer-0.31.2-alpha.0","analyzer-0.31.2-alpha.1","analyzer-0.31.2-alpha.2","analyzer-0.32.0","analyzer-0.32.4","analyzer-0.33.0","merge_analyzer_branch"],"database_specific":{"source":"
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8923.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}