76 matches found
EUVD-2026-8799
Svelte vulnerable to XSS during SSR with contenteditable bind:innerText and bind:textContent...
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...
GHSA-PHWV-C562-GVMH Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...
Cross-site Scripting (XSS)
Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary scripts in the...
Cross-site Scripting (XSS)
Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary...
CVE-2026-27901
Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...
CVE-2026-27901
Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...
CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...
CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...
CVE-2026-27901
CVE-2026-27901 affects Svelte (SSR) via contenteditable bindings: in versions prior to 5.53.5, bind:innerText and bind:textContent on contenteditable elements were not properly escaped, allowing HTML injection and XSS when untrusted data is rendered as the binding’s initial server-side value. The...
CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...
PT-2026-22076
Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.53.5 Description Svelte, a performance-oriented web framework, had an issue where the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped in versions prior to 5.53.5...
EUVD-2020-7663
Malware in sbrugna...
EUVD-2023-36921
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-15676
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting...
CVE-2025-29771
HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a contentEditable element to set the elements innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the...
JS Html Sanitizer allows XSS when used with contentEditable
Impact XSS vulnerability when the sanitizer is used with a contentEditable element to set the elements innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. Patches Patched in version 2.0.3...
GHSA-VHV4-FH94-JM5X JS Html Sanitizer allows XSS when used with contentEditable
Impact XSS vulnerability when the sanitizer is used with a contentEditable element to set the elements innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the code beautifier, that runs AFTER sanitation. Patches Patched in version 2.0.3...
CVE-2025-29771
HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a contentEditable element to set the elements innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the...
CVE-2025-29771 HtmlSanitizer vulnerable to XSS when used with contentEditable
HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a contentEditable element to set the elements innerHTML to a sanitized string produced by the package. If the code is particularly crafted to abuse the...