CVE-2026-8656

Deferred Deferred - Pending Action

BaseFortify

Publication date: 2026-05-16

Last updated on: 2026-05-18

Assigner: Snyk

Description

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-16

Last Modified

2026-05-18

Generated

2026-05-20

EPSS Evaluated

2026-05-19

NVD

CVE-2026-8656

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-79	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-8656

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart