Fabric.Js

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-27013 HIGH POC PATCH This Week

Stored XSS in Fabric.js prior to version 7.2.0 allows attackers to inject arbitrary SVG elements and event handlers when user-supplied JSON is loaded and exported via toSVG(), affecting applications that process collaborative designs, imports, or CMS plugins. Public exploit code exists for this vulnerability. Applications rendering the SVG output in browsers are vulnerable to arbitrary JavaScript execution.

RCE XSS Fabric.Js

NVD GitHub

CVSS 3.1

7.6

EPSS

0.0%

CVE-2026-27013

EPSS 0% CVSS 7.6

HIGH POC PATCH This Week

Stored XSS in Fabric.js prior to version 7.2.0 allows attackers to inject arbitrary SVG elements and event handlers when user-supplied JSON is loaded and exported via toSVG(), affecting applications that process collaborative designs, imports, or CMS plugins. Public exploit code exists for this vulnerability. Applications rendering the SVG output in browsers are vulnerable to arbitrary JavaScript execution.

RCE XSS Fabric.Js

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy