Schema.org has cross-site scripting (XSS) via script break-out in toScript() output
Low severity
GitHub Reviewed
Published
Jul 1, 2026
to the GitHub Advisory Database
•
Updated Jul 1, 2026
Package
Affected versions
>= 3.23.1, < 3.23.2
>= 4.0.0, < 4.0.2
Patched versions
3.23.2
4.0.2
Description
Published to the GitHub Advisory Database
Jul 1, 2026
Reviewed
Jul 1, 2026
Last updated
Jul 1, 2026
Schema.org has a cross-site scripting (XSS) vulnerability via script break-out in toScript() output.
References