4 matches found
CVE-2024-53262
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contai...
CVE-2024-53262
CVE-2024-53262 affects SvelteKit where the static error.html template renders placeholders for HTTP status and error.message without escaping. This can allow an attacker-provided error.message to inject content into the error page, yielding a template XSS risk for applications that include user i...
Thelia Cross-site Scripting vulnerability in BackOffice
The error.html template in the Thelia BackOffice has a cross-site scripting vulnerability in versions 2.1.0 and 2.1.1 but not in version 2.0.X. Version 2.1.2 contains a patch for the issue...
Cross-site Scripting (XSS)
whooglesearch is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of data input in the HTTP error_message request, allowing an attacker to inject maliciously crafted script via the flask.render_template function in error.html...