{"id":"CVE-2021-22540","details":"Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an attacker to use an XSS attack via DOM clobbering. The validation logic in dart:html for creating DOM nodes from text did not sanitize properly when it came across template tags.","modified":"2026-04-10T04:30:08.261066Z","published":"2021-04-22T15:15:07.930Z","related":["GHSA-3rfv-4jvg-9522"],"references":[{"type":"ADVISORY","url":"https://github.com/dart-lang/sdk/security/advisories/GHSA-3rfv-4jvg-9522"},{"type":"FIX","url":"https://github.com/dart-lang/sdk/commit/ce5a1c2392debce967415d4c09359ff2555e3588"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dart-lang/sdk","events":[{"introduced":"0"},{"fixed":"7c8c6b3053d0ba91fcf15f81c45650184dc27e88"},{"fixed":"ce5a1c2392debce967415d4c09359ff2555e3588"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.12.3"}]}}],"versions":["1.11.0","1.11.0-dev.2.0","1.11.0-dev.3.0","1.11.0-dev.4.0","1.11.0-dev.5.0","1.11.0-dev.5.1","1.11.0-dev.5.2","1.11.0-dev.5.3","1.11.0-dev.5.4","1.11.0-dev.5.5","1.11.0-dev.5.6","1.11.0-dev.5.7","1.11.1","1.11.2","1.11.3","1.12.0","1.12.1","1.12.2","1.13.0","1.13.1","1.13.2","1.14.0","1.14.1","1.14.2","1.15.0","1.16.0","1.16.1","1.17.0","1.17.1","1.18.0","1.18.1","1.19.0","1.19.1","1.20.0","1.20.1","1.21.0","1.21.1","1.22.0","1.22.1","1.23.0","1.24.0","1.24.1","1.24.2","1.24.3","2.0.0","2.1.0","2.1.1","2.10.0","2.10.1","2.10.2","2.10.3","2.10.4","2.10.5","2.12.0","2.12.1","2.12.2","2.2.0","2.3.0","2.3.1","2.3.2","2.4.0","2.4.1","2.5.0","2.5.1","2.5.2","2.6.0","2.6.1","2.7.0","2.7.1","2.7.2","2.8.1","2.8.2","2.8.3","2.8.4","2.9.0","2.9.1","2.9.2","2.9.3","analyzer-0.31.0","analyzer-0.31.0+1","analyzer-0.31.1","analyzer-0.31.2-alpha.0","analyzer-0.31.2-alpha.1","analyzer-0.31.2-alpha.2","analyzer-0.32.0","analyzer-0.32.4","analyzer-0.33.0","merge_analyzer_branch","meta-v1.3.0-nullsafety.1","meta-v1.3.0-nullsafety.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22540.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}