
6686 matches found

Cvelist
added 2026/02/20 10:25 p.m., 22 views

CVE-2026-27119 Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

CVSS 5 | EPSS 0.00182 | Exploits 0 | References 1

OSV
added 2026/02/20 10:25 p.m., 6 views

CVE-2026-27119 Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

CVSS 5 | AI score 5.5 | EPSS 0.00182 | Exploits 0 | References 3

ATTACKERKB
added 2026/02/20 10:25 p.m., 5 views

CVE-2026-27119

svelte performance oriented web framework. From 5.39.3, <=5.51.4, in certain circumstances, the server-side rendering output of an element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed...

CVSS 5 | AI score 5.5 | EPSS 0.00182 | Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/02/20 10:25 p.m., 4 views

CVE-2026-27119 Svelte affected by XSS in SSR `<option>` element

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

CVSS 5 | AI score 5.3 | EPSS 0.00182 | Exploits 0 | References 1

CVE
added 2026/02/20 10:25 p.m., 14 views

CVE-2026-27119

CVE-2026-27119 affects the Svelte framework’s server-side rendering output for the element, where content may not be properly escaped in certain conditions (versions 5.39.3 through 5.51.4). This can lead to HTML injection in SSR output, while client-side rendering remains unaffected. The vulnera...

CVSS 5.4 | AI score 5.5 | EPSS 0.00182 | Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2026/02/20 7:39 p.m., 5 views

CVE-2026-26192

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

CVSS 7.3 | AI score 5.6 | EPSS 0.00194 | Exploits 1 | References 1

RedhatCVE
added 2026/02/20 1:22 a.m., 4 views

CVE-2026-27176

MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars, both in an input field value attribute and in a paragraph element. An attacker can...

CVSS 6.1 | AI score 5.4 | EPSS 0.00449 | Exploits 1 | References 1

CNNVD
added 2026/02/20 12:0 a.m., 12 views

Svelte cross-site scripting vulnerability

Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.51.5 contained a cross-site scripting vulnerability. This vulnerability occurred when extended syntax was used during server-side rendering, and event handler properties were included...

CVSS 5.4 | AI score 5.6 | EPSS 0.00189 | Exploits 0 | References 1

CNNVD
added 2026/02/20 12:0 a.m., 7 views

Svelte security vulnerability

Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.51.5 have a security vulnerability. This vulnerability arises from server-side rendering, where property extensions enumerate inherited properties, which may lead to unexpected proper...

CVSS 6.8 | AI score 5.8 | EPSS 0.00377 | Exploits 0 | References 3

CNNVD
added 2026/02/20 12:0 a.m., 7 views

Svelte cross-site scripting vulnerability

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.39.3 to 5.51.4 have a cross-site scripting vulnerability. This vulnerability stems from improper escaping of content in server-side rendering outputs, which may lead to HTML injection...

CVSS 5.4 | AI score 5.7 | EPSS 0.00182 | Exploits 0 | References 1

CNNVD
added 2026/02/20 12:0 a.m., 8 views

Svelte cross-site scripting vulnerability

Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.51.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of validation or cleanup of tag names during server-side rendering, which could lead to...

CVSS 5.4 | AI score 5.7 | EPSS 0.00189 | Exploits 0 | References 1

Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21307

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

CVSS 5.3 | AI score 5.5 | EPSS 0.00377 | Exploits 0 | References 4

Vulnrichment
added 2026/02/19 10:36 p.m., 3 views

CVE-2025-13672 Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that were then rendered with the preview of the...

CVSS 7 | AI score 5.3 | EPSS 0.00202 | Exploits 1 | References 1

Snyk
added 2026/02/19 8:28 p.m., 4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in server-side rendering when attribute spreading is performed on elements. An attacker ca...

CVSS 6.8 | AI score 5.8 | EPSS 0.00377 | Exploits 0 | References 2

Snyk
added 2026/02/19 8:28 p.m., 6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in server-side rendering when attribute spreading is performed on elements. An attacker can inject...

CVSS 6.8 | AI score 5.6 | EPSS 0.00377 | Exploits 0 | References 2

OSV
added 2026/02/19 8:28 p.m., 2 views

GHSA-CRPF-4HRX-3JRP Svelte SSR attribute spreading includes inherited properties from prototype chain

In server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a precondition outside of Svelte's control — this can cause unexpect...

CVSS 5.3 | AI score 5.5 | EPSS 0.00377 | Exploits 0 | References 5

Github Security Blog
added 2026/02/19 8:28 p.m., 16 views

Svelte SSR attribute spreading includes inherited properties from prototype chain

In server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a precondition outside of Svelte's control — this can cause unexpect...

CVSS 6.8 | AI score 5.5 | EPSS 0.00377 | Exploits 0 | References 5 | Affected Software 1

NVD
added 2026/02/19 8:25 p.m., 6 views

CVE-2026-26192

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...

CVSS 7.3 | EPSS 0.00194 | Exploits 1 | References 2

Snyk
added 2026/02/19 3:18 p.m., 2 views

Cross-site Scripting (XSS)

Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the svelte:element tags. An attacker can inject arbitrary HTML into the server-side rendered output by supplying a crafted tag name. Details: Cross-site...

CVSS 5.5 | AI score 5.6 | EPSS 0.00189 | Exploits 0 | References 2

Snyk
added 2026/02/19 3:18 p.m., 4 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the svelte:element tags. An attacker can inject arbitrary HTML into the server-side rendered output by supplying a crafted tag name. Details...

CVSS 5.5 | AI score 5.7 | EPSS 0.00189 | Exploits 0 | References 2