CVE-2017-16010

Name of the Vulnerable Software and Affected Versions: i18next versions 2.0.0 and later

Description: The issue concerns a cross-site scripting vulnerability in the i18next language translation framework. When using the .init method and passing interpolation options without specifying an escapeValue, it defaults to undefined instead of the assumed true. This can lead to user input not being properly escaped, resulting in a potential security risk.

Recommendations: Update to version 3.4.4 or later. As a temporary workaround, consider explicitly passing the escapeValue option as true when initializing i18next to ensure user input is properly sanitized.