7 matches found
EUVD-2025-5079
Malicious code in bioql PyPI...
Cross Site Scripting
solid-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper escaping of user input inside illegal inlined JSX fragments, allowing unescaped input to be rendered as HTML...
GHSA-3QXH-P7JC-5XH6 Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...
CVE-2025-27109
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
PT-2025-7634 · Solid-Js · Solid-Js
Name of the Vulnerable Software and Affected Versions: solid-js versions prior to 1.9.4 Description: The issue concerns a lack of escaping in Inserts/JSX expressions inside illegal inlined JSX fragments, allowing user input to be rendered as HTML when put directly inside JSX fragments. This can...