CVE ID :CVE-2026-8656 Published : May 16, 2026, 5 a.m. | 33 minutes ago Description :Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...