Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/02/20 10:29 p.m.5 views

CVE-2026-27125 Svelte SSR attribute spreading includes inherited properties from prototype chain

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

5.3CVSS5.4AI score0.00377EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:27 p.m.4 views

CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS5.1AI score0.00189EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 10:25 p.m.4 views

CVE-2026-27119 Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

5CVSS5.3AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 10:25 p.m.7 views

CVE-2026-27119 Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

5CVSS5.5AI score0.00182EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-21305

Name of the Vulnerable Software and Affected Versions Svelte versions 5.39.3 through 5.51.4 Description Svelte is susceptible to a flaw where, under specific conditions, the server-side rendering of an element fails to properly escape its content. This can lead to potential HTML injection within...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References8
Rows per page
Query Builder