Lucene search
K

8 matches found

vulnersOsv
vulnersOsv
added 2025/02/25 5:49 p.m.6 views

@1game/cli (>=0.0.1 <=1.5.0), @1game/engine-bundle (>=0.0.1 <=1.5.0) +1820 more potentially affected by CVE-2025-27109 via solid-js (>=0.10.11 <=1.9.3)

solid-js NPM version =0.10.11, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0.5, =0.1.3, =1.2.5, =1.1.2, =0.1.0, =0.0.1, =1.0.0, =4.10.0, =4.12.0-beta.2 and more Source cves: CVE-2025-27109 Source advisory: OSV:GHSA-3QXH-P7JC-5XH6...

7.3CVSS5.7AI score0.00303EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/23 9:22 p.m.27 views

CVE-2025-27109

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS6.5AI score0.00303EPSS
Exploits0References1
Circl
Circl
added 2025/02/21 11:31 p.m.7 views

CVE-2025-27109

creationtimestamp| type| source ---|---|--- 2025-02-21 23:31:55+00:00| published-proof-of-concept| Telegram/z-TEGJuLb-MI9QSBe5sQLLsDPvx9hpDxWNGhFcSyGduHviQ 2025-02-21 23:57:29+00:00| seen| https://t.me/cvedetector/18693 2025-02-24 17:21:42+00:00| published-proof-of-concept|...

7.3CVSS4.8AI score0.00303EPSS
Exploits0References2
NVD
NVD
added 2025/02/21 10:15 p.m.8 views

CVE-2025-27109

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS0.00303EPSS
Exploits0References2
OSV
OSV
added 2025/02/21 9:12 p.m.19 views

CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS6.5AI score0.00303EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/21 9:12 p.m.13 views

CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS7.1AI score0.00303EPSS
Exploits0References2
CVE
CVE
added 2025/02/21 9:12 p.m.86 views

CVE-2025-27109

SolidJS CVE-2025-27109 describes a Cross-Site Scripting (XSS) vulnerability where user input rendered inside illegal inlined JSX fragments could be unescaped. Affected: SolidJS library with problematic JSX fragment handling. Root cause: lack of escaping in JSX fragments that allows user input to ...

7.3CVSS7.1AI score0.00303EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/21 9:12 p.m.36 views

CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS0.00303EPSS
Exploits0References2
Rows per page
Query Builder