AIKIDO-2025-10195

Radzen.Blazor is vulnerable to Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Mar 31, 2025

50

Medium Risk

This Affects:

DOTNET: Radzen.Blazor
0.0.1 - 6.3.4
Fixed in 6.4.0

TL;DR

Affected versions of this package are vulnerable to cross-site scripting (XSS) because components render values as MarkupString (unencoded HTML) rather than as encoded text. To mitigate this, all uses of MarkupString have been removed from the components.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

Radzen.Blazor is vulnerable to Cross-Site Scripting (XSS) in versions 0.0.1 - 6.3.4.

How to fix this

Upgrade the Radzen.Blazor library to the patched version (6.4.0 or later). Note that this release introduces some breaking changes compared to 6.3.x. Unicode symbols for icons must now be passed directly as characters rather than as HTML entities (e.g., replace <RadzenIcon Icon="&#xf015"/> with <RadzenIcon Icon="@("")"/>). Additionally, dialog titles no longer support HTML content; developers should use DialogContent instead.
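The following is an added illustration, not code from this advisory or from Radzen.Blazor, of the rendering difference behind the vulnerability and of the icon migration described above. It is a stand-alone Blazor component: the Title value is a constructed sample, the RadzenIcon line assumes the 6.4.0 behaviour described above (the Icon parameter rendered as text), and the page's entity &#xf015 is written as the equivalent C# escape "\uf015" (code point U+F015).

```razor
@* UntrustedTitleDemo.razor : added example, not part of Radzen.Blazor *@

@* Rendering path 1: casting to MarkupString hands the raw string to the browser
   as HTML. Any tag inside Title is interpreted, which is the XSS pattern this
   advisory covers when Title comes from user-controlled data. *@
<h3 class="unsafe">@((MarkupString)Title)</h3>

@* Rendering path 2: a plain string expression is HTML-encoded by Blazor, so the
   same Title is displayed with its tags as literal text and nothing is executed.
   This is the path the fixed components use. *@
<h3 class="safe">@Title</h3>

@* Icon migration (assumption: matches the 6.4.0 note above). Once the Icon
   parameter is rendered as text, an entity such as &#xf015 is no longer decoded,
   so the character itself must be passed; "\uf015" is that same code point. *@
<RadzenIcon Icon="@("\uf015")" />

@code {
    // Constructed sample value. In a real application this would be data an end
    // user can influence (a record name, a file name) that ends up in a dialog
    // title or a label.
    [Parameter] public string Title { get; set; } = "Report <b>bold?</b>";
}
```

Rendered, the first heading shows "bold?" in bold because the markup was interpreted, while the second shows the literal text Report <b>bold?</b>. Dialog titles in 6.4.0 follow the second path, so any markup an application previously passed through a title string should be moved to DialogContent, the parameter the advisory names for HTML content.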