Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-5079

Malicious code in bioql PyPI...

7.3CVSS6.4AI score0.00303EPSS
Exploits0References3
Veracode
Veracode
added 2025/03/05 3:55 a.m.7 views

Cross Site Scripting

solid-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper escaping of user input inside illegal inlined JSX fragments, allowing unescaped input to be rendered as HTML...

7.3CVSS7AI score0.00303EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/02/25 5:49 p.m.2 views

GHSA-3QXH-P7JC-5XH6 Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...

7.3CVSS5.8AI score0.00303EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/02/25 5:49 p.m.22 views

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...

7.3CVSS5.8AI score0.00303EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/02/21 10:15 p.m.43 views

CVE-2025-27109

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS0.00303EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/21 9:12 p.m.13 views

CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

7.3CVSS7.1AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/21 12:0 a.m.6 views

PT-2025-7634 · Solid-Js · Solid-Js

Name of the Vulnerable Software and Affected Versions: solid-js versions prior to 1.9.4 Description: The issue concerns a lack of escaping in Inserts/JSX expressions inside illegal inlined JSX fragments, allowing user input to be rendered as HTML when put directly inside JSX fragments. This can...

7.3CVSS5.8AI score0.00303EPSS
Exploits0References11
Rows per page
Query Builder