GHSA-PHWV-C562-GVMH Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...

Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...

Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary...

CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...

CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...

CVE-2026-27901 Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...

Svelte 跨站脚本漏洞

Svelte is an open-source approach to building web applications. Versions of Svelte prior to 5.53.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from incorrect escaping of content within bind:innerText and bind:textContent, which could lead to HTML injection and...

Hardcoded credentials

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though...

CVE-2023-35075 HTML injection via channel autocomplete

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though...

Mattermost Injection Vulnerability

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from the inability of a web application to use innerText/textContent when setting a channel name during autocompletion, allowing an attacker to inject HTML int...

UBUNTU-CVE-2020-25614

xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service SIGSEGV at xmlquery.Node.InnerText or possibly have unspecified other impact...

Microsoft Internet Explorer Denial of Service Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A denial of service vulnerability exists in Microsoft Internet Explorer, which is caused by the re-exploitation of CTreePos after it...