VDB
CVE-2025-9910
CVE-2025-9910
PUBLISHED
CVSS 4.699999809265137 MEDIUM
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
EPSS 0.06% · 19.3th percentile
Risk Scores
CVSS v3.1
4.699999809265137
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P
EPSS Score
0.06%
19.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | jsondiffpatch | 0 |
| n/a | org.webjars.npm:jsondiffpatch | 0 |
| n/a | org.webjars.bower:jsondiffpatch | 0 |
| npm | jsondiffpatch | 0 |
Timeline
- Sep 11, 2025 CVE Published
- Sep 11, 2025 EPSS Score
- Sep 11, 2025 PoC Published
- Sep 18, 2025 EPSS Score
- Sep 22, 2025 CVE Updated
- Sep 25, 2025 EPSS Score
- Oct 3, 2025 EPSS Score
- Oct 10, 2025 EPSS Score
- Oct 17, 2025 EPSS Score
- Oct 24, 2025 EPSS Score
- Nov 1, 2025 EPSS Score
- Nov 8, 2025 EPSS Score
References
- https://security.snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-10369031 url
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-12549276 url
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-12549277 url
- https://github.com/benjamine/jsondiffpatch/commit/0e374b5dd8d7879b329a9fc18affbd46ad50dd14 url
- https://github.com/benjamine/jsondiffpatch/issues/383 url
- https://benjamine.github.io/jsondiffpatch/index.html url
- https://nvd.nist.gov/vuln/detail/CVE-2025-9910 advisory
- https://github.com/benjamine/jsondiffpatch package