8 matches found
@1game/cli (>=0.0.1 <=1.5.0), @1game/engine-bundle (>=0.0.1 <=1.5.0) +1820 more potentially affected by CVE-2025-27109 via solid-js (>=0.10.11 <=1.9.3)
solid-js NPM version =0.10.11, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =0.1.0, =1.0.5, =0.1.3, =1.2.5, =1.1.2, =0.1.0, =0.0.1, =1.0.0, =4.10.0, =4.12.0-beta.2 and more Source cves: CVE-2025-27109 Source advisory: OSV:GHSA-3QXH-P7JC-5XH6...
CVE-2025-27109
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109
creationtimestamp| type| source ---|---|--- 2025-02-21 23:31:55+00:00| published-proof-of-concept| Telegram/z-TEGJuLb-MI9QSBe5sQLLsDPvx9hpDxWNGhFcSyGduHviQ 2025-02-21 23:57:29+00:00| seen| https://t.me/cvedetector/18693 2025-02-24 17:21:42+00:00| published-proof-of-concept|...
CVE-2025-27109
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109
SolidJS CVE-2025-27109 describes a Cross-Site Scripting (XSS) vulnerability where user input rendered inside illegal inlined JSX fragments could be unescaped. Affected: SolidJS library with problematic JSX fragment handling. Root cause: lack of escaping in JSX fragments that allows user input to ...
CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...