i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| i18next(npm) | 2.0.0 | 3.4.4 | N/A |
CVSS Metrics
