Lucene search
K

6 matches found

vulnersOsv
vulnersOsv
added 2022/07/13 12:0 a.m.4 views

@alexanderniebuhr/eslint-config (>=1.3.0 <=1.4.0), @alexanderniebuhr/style (>=1.1.0 <=1.3.0) +188 more potentially affected by CVE-2022-25875 via svelte (>=0.0.1 <=3.48.0)

svelte NPM version =0.0.1, =1.3.0, =1.1.0, =1.3.0, =2.0.2, =0.7.7, =2.0.0, =10.0.0, =7.1.4, =2.0.9, =2.0.8, =2.0.0, =2.0.4, =1.0.1, =6.0.4, =5.0.2, =6.0.18 and more Source cves: CVE-2022-25875 Source advisory: OSV:GHSA-WV8Q-R932-8HC7...

6.1CVSS6.3AI score0.01312EPSS
Exploits1
NVD
NVD
added 2022/07/12 7:15 p.m.17 views

CVE-2022-25875

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting XSS due to improper input sanitization and to improper escape of attributes when using objects during SSR Server-Side Rendering. Exploiting this vulnerability is possible via objects with a custom toString function...

6.1CVSS0.01312EPSS
Exploits1References3
OSV
OSV
added 2022/07/12 2:20 p.m.14 views

CVE-2022-25875 Cross-site Scripting (XSS)

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting XSS due to improper input sanitization and to improper escape of attributes when using objects during SSR Server-Side Rendering. Exploiting this vulnerability is possible via objects with a custom toString function...

5.4CVSS6.4AI score0.01312EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/07/12 2:20 p.m.23 views

CVE-2022-25875 Cross-site Scripting (XSS)

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting XSS due to improper input sanitization and to improper escape of attributes when using objects during SSR Server-Side Rendering. Exploiting this vulnerability is possible via objects with a custom toString function...

5.4CVSS6.2AI score0.01312EPSS
Exploits1References3
CVE
CVE
added 2022/07/12 2:20 p.m.89 views

CVE-2022-25875

CVE-2022-25875 affects the Svelte framework prior to 3.49.0, with an XSS vulnerability caused by improper input sanitization and improper escaping of attributes when SSR processes objects, exploitable via objects with a custom toString() function. Impact is Cross‑Site Scripting in applications us...

6.1CVSS5.7AI score0.01312EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/06/17 1:10 p.m.5 views

@alexanderniebuhr/eslint-config (>=1.3.0 <=1.4.0), @alexanderniebuhr/style (>=1.1.0 <=1.3.0) +116 more potentially affected by CVE-2022-25875 via svelte (>=3.12.1 <=3.48.0)

svelte NPM version =3.12.1, =1.3.0, =1.1.0, =1.3.0, =0.7.7, =10.0.0, =7.1.4, =21.0.4, =8.0.4, =2.0.4, =1.0.1, =6.0.4, =5.0.2, =4.0.2, =1.0.1, =5.0.8, =12.0.48 and more Source cves: CVE-2022-25875 Source advisory: SNYK:JS-SVELTE-2931080...

6.1CVSS6.3AI score0.01312EPSS
Exploits1
Rows per page
Query Builder