Svelecte autocomplete/select component in Svelte allows arbitrary HTML injection, leading to potential XSS attacks. Upgrade to version 3.16.3
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
OSV | Svelecte item names vulnerable to execution of arbitrary JavaScript | 14 Aug 202321:14 | – | osv |
Prion | Cross site scripting | 14 Aug 202321:15 | – | prion |
Veracode | Cross Site Scripting (XSS) | 16 Aug 202300:42 | – | veracode |
NVD | CVE-2023-38687 | 14 Aug 202321:15 | – | nvd |
Cvelist | CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names | 14 Aug 202320:21 | – | cvelist |
Github Security Blog | Svelecte item names vulnerable to execution of arbitrary JavaScript | 14 Aug 202321:14 | – | github |
Vulnrichment | CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names | 14 Aug 202320:21 | – | vulnrichment |
[
{
"vendor": "mskocik",
"product": "svelecte",
"versions": [
{
"version": "< 3.16.3",
"status": "affected"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo