Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/06 11:49 p.m.9 views

HTML Injection

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTML Injection via the jsx element tag. An attacker can inject unintended HTML elements or attributes, corrupt the HTML structure, or execute scripts by supplying malicious tag names as...

6.1CVSS5.9AI score0.0014EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/20 10:28 p.m.33 views

CVE-2026-27122 Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 10:28 p.m.19 views

CVE-2026-27122

CVE-2026-27122 affects the Svelte performance-oriented web framework. In server-side rendering, using allows an unvalidated tag name to be emitted in HTML output, enabling HTML injection. Client-side rendering is not impacted. The vulnerability is addressed by upgrading to version 5.51.5. The av...

5.4CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/20 10:28 p.m.7 views

CVE-2026-27122 Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5CVSS5.5AI score0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:28 p.m.4 views

CVE-2026-27122 Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5CVSS5.3AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/02/19 3:18 p.m.4 views

GHSA-M56Q-VW4C-C2CP Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

When using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...

5CVSS5.5AI score0.00189EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.9 views

Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

When using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...

5.4CVSS5.5AI score0.00189EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder