6 matches found
@alexanderniebuhr/eslint-config (>=1.3.0 <=1.4.0), @alexanderniebuhr/style (>=1.1.0 <=1.3.0) +188 more potentially affected by CVE-2022-25875 via svelte (>=0.0.1 <=3.48.0)
svelte NPM version =0.0.1, =1.3.0, =1.1.0, =1.3.0, =2.0.2, =0.7.7, =2.0.0, =10.0.0, =7.1.4, =2.0.9, =2.0.8, =2.0.0, =2.0.4, =1.0.1, =6.0.4, =5.0.2, =6.0.18 and more Source cves: CVE-2022-25875 Source advisory: OSV:GHSA-WV8Q-R932-8HC7...
CVE-2022-25875
The package svelte before 3.49.0 are vulnerable to Cross-site Scripting XSS due to improper input sanitization and to improper escape of attributes when using objects during SSR Server-Side Rendering. Exploiting this vulnerability is possible via objects with a custom toString function...
CVE-2022-25875 Cross-site Scripting (XSS)
The package svelte before 3.49.0 are vulnerable to Cross-site Scripting XSS due to improper input sanitization and to improper escape of attributes when using objects during SSR Server-Side Rendering. Exploiting this vulnerability is possible via objects with a custom toString function...
CVE-2022-25875 Cross-site Scripting (XSS)
The package svelte before 3.49.0 are vulnerable to Cross-site Scripting XSS due to improper input sanitization and to improper escape of attributes when using objects during SSR Server-Side Rendering. Exploiting this vulnerability is possible via objects with a custom toString function...
CVE-2022-25875
CVE-2022-25875 affects the Svelte framework prior to 3.49.0, with an XSS vulnerability caused by improper input sanitization and improper escaping of attributes when SSR processes objects, exploitable via objects with a custom toString() function. Impact is Cross‑Site Scripting in applications us...
@alexanderniebuhr/eslint-config (>=1.3.0 <=1.4.0), @alexanderniebuhr/style (>=1.1.0 <=1.3.0) +116 more potentially affected by CVE-2022-25875 via svelte (>=3.12.1 <=3.48.0)
svelte NPM version =3.12.1, =1.3.0, =1.1.0, =1.3.0, =0.7.7, =10.0.0, =7.1.4, =21.0.4, =8.0.4, =2.0.4, =1.0.1, =6.0.4, =5.0.2, =4.0.2, =1.0.1, =5.0.8, =12.0.48 and more Source cves: CVE-2022-25875 Source advisory: SNYK:JS-SVELTE-2931080...