Lucene search
K

6682 matches found

NVD
NVD
added 2026/02/20 11:16 p.m.7 views

CVE-2026-27119

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

5.4CVSS0.00182EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 11:16 p.m.11 views

CVE-2026-27122

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5.4CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 11:16 p.m.10 views

CVE-2026-27125

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

6.8CVSS0.00377EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/20 10:29 p.m.5 views

CVE-2026-27125 Svelte SSR attribute spreading includes inherited properties from prototype chain

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

5.3CVSS5.4AI score0.00377EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/20 10:29 p.m.21 views

CVE-2026-27125 Svelte SSR attribute spreading includes inherited properties from prototype chain

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

5.3CVSS0.00377EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/20 10:29 p.m.9 views

CVE-2026-27125

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

5.3CVSS5.6AI score0.00377EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/20 10:29 p.m.36 views

CVE-2026-27125

Svelte SSR vulnerability CVE-2026-27125 affects the framework prior to version 5.51.5 where attribute spreading () enumerates inherited properties from the prototype chain, potentially leaking attributes or causing SSR failures when Object.prototype is polluted. Client-side rendering is unaffecte...

6.8CVSS5.6AI score0.00377EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/20 10:29 p.m.5 views

CVE-2026-27125 Svelte SSR attribute spreading includes inherited properties from prototype chain

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

5.3CVSS5.5AI score0.00377EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/20 10:28 p.m.3 views

CVE-2026-27122 Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5CVSS5.3AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 10:28 p.m.16 views

CVE-2026-27122

CVE-2026-27122 affects the Svelte performance-oriented web framework. In server-side rendering, using allows an unvalidated tag name to be emitted in HTML output, enabling HTML injection. Client-side rendering is not impacted. The vulnerability is addressed by upgrading to version 5.51.5. The av...

5.4CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/20 10:28 p.m.7 views

CVE-2026-27122

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5CVSS5.5AI score0.00189EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/20 10:27 p.m.5 views

CVE-2026-27121

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS5.2AI score0.00189EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/20 10:27 p.m.4 views

CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS5.1AI score0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 10:27 p.m.17 views

CVE-2026-27121

Technical details for CVE-2026-27121 are not publicly available in the provided documents. Monitor for updates.

5.4CVSS5.2AI score0.00189EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/20 10:27 p.m.26 views

CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/02/20 10:27 p.m.5 views

CVE-2026-27121 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...

5CVSS5.3AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/20 10:25 p.m.22 views

CVE-2026-27119 Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

5CVSS0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 10:25 p.m.4 views

CVE-2026-27119 Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

5CVSS5.3AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 10:25 p.m.14 views

CVE-2026-27119

CVE-2026-27119 affects the Svelte framework’s server-side rendering output for the element, where content may not be properly escaped in certain conditions (versions 5.39.3 through 5.51.4). This can lead to HTML injection in SSR output, while client-side rendering remains unaffected. The vulnera...

5.4CVSS5.5AI score0.00182EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/20 10:25 p.m.5 views

CVE-2026-27119

svelte performance oriented web framework. From 5.39.3, =5.51.4, in certain circumstances, the server-side rendering output of an element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed...

5CVSS5.5AI score0.00182EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder