CVE-2020-8923

Name of the Vulnerable Software and Affected Versions Dart versions up to and including 2.7.1 Dart dev versions up to and including 2.8.0-dev.16.0

Description The issue is related to improper HTML sanitization, allowing an attacker to inject custom HTML or JavaScript using DOM Clobbering techniques. This can lead to a cross-site scripting (XSS) attack. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations Update your Dart SDK to 2.7.2. Update your Dart dev version to 2.8.0-dev.17.0. If you cannot update, review the way you use the affected APIs and pay special attention to cases where user-provided data is used to populate DOM nodes. Consider using Element.innerText or Node.text to populate DOM elements.