14 matches found
EUVD-2023-2234
Malicious code in bioql PyPI...
CVE-2023-38687
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
Cross Site Scripting (XSS)
svelecte is vulnerable to Cross Site Scripting XSS. The vulnerability occurs when a user enters a specially crafted item name in the Svelte dropdown. Sites using Svelecte with dynamically created items from external or user-created content may be vulnerable to XSS attacks and clickjacking...
CVE-2023-38687
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
Cross site scripting
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
Svelecte item names vulnerable to execution of arbitrary JavaScript
Summary Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Details Item names given to Svelecte appear to be directly...
svelecte-element (>=1.0.0 <=1.4.1) potentially affected by CVE-2023-38687 via svelecte (>=1.1.0 <=1.4.1)
svelecte NPM version =1.1.0, =1.0.0, =1.4.1 Source cves: CVE-2023-38687 Source advisory: OSV:GHSA-7H45-GRC5-89WQ...
GHSA-7H45-GRC5-89WQ Svelecte item names vulnerable to execution of arbitrary JavaScript
Summary Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Details Item names given to Svelecte appear to be directly...
CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
CVE-2023-38687
Svelecte (Svelte) is vulnerable to XSS because item names are rendered as raw HTML without escaping, allowing arbitrary HTML/JavaScript execution when a dropdown is opened. The default item renderer and the commonly used custom item renderer are both affected. Impact depends on trustedness of ite...
CVE-2023-38687 Execution of arbitrary JavaScript from Svelecte item names
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is...
Svelecte Cross-Site Scripting Vulnerability
Svelecte is a flexible autocomplete/select component written in Svelte. A cross-site scripting vulnerability exists in Svelecte 3.16.2 and earlier versions, which stems from the presence of a cross-site scripting XSS vulnerability. An attacker can exploit this vulnerability to inject arbitrary HT...
PT-2023-26551 · Svelecte · Svelecte
Name of the Vulnerable Software and Affected Versions: Svelecte versions prior to 3.16.3 Description: Svelecte item names are rendered as raw HTML with no escaping, allowing the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever ...