{"id":"CVE-2021-22540","details":"Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.","modified":"2026-02-02T01:09:44.032985Z","published":"2021-04-22T15:15:07.930Z","related":["GHSA-3rfv-4jvg-9522"],"references":[{"type":"ADVISORY","url":"https://github.com/dart-lang/sdk/commit/ce5a1c2392debce967415d4c09359ff2555e3588"},{"type":"ADVISORY","url":"https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522"},{"type":"FIX","url":"https://github.com/dart-lang/sdk/commit/ce5a1c2392debce967415d4c09359ff2555e3588"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dart-lang/sdk","events":[{"introduced":"0"},{"fixed":"ce5a1c2392debce967415d4c09359ff2555e3588"}]}],"versions":["analyzer-0.31.0","analyzer-0.31.0+1","analyzer-0.31.1","analyzer-0.31.2-alpha.0","analyzer-0.31.2-alpha.1","analyzer-0.31.2-alpha.2","analyzer-0.32.0","analyzer-0.32.4","analyzer-0.33.0","merge_analyzer_branch","meta-v1.3.0-nullsafety.1","meta-v1.3.0-nullsafety.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22540.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}