Lucene search
K

6684 matches found

Snyk
Snyk
added 2026/02/19 3:18 p.m.2 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spread syntax when rendering attributes from untrusted data during server-side rendering. An attacker can execute arbitrary JavaScript in the context of...

5.5CVSS5.6AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/19 3:18 p.m.2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the spread syntax when rendering attributes from untrusted data during server-side rendering. An attacker can execute arbitrary JavaScript i...

5.5CVSS5.9AI score0.00189EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 3:18 p.m.3 views

GHSA-F7GR-6P89-R883 Svelte affected by cross-site scripting via spread attributes in Svelte SSR

Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external...

5CVSS5.2AI score0.00189EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.7 views

Svelte affected by cross-site scripting via spread attributes in Svelte SSR

Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external...

5.4CVSS5.2AI score0.00189EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/02/19 3:18 p.m.3 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the server-side rendering process of the element, which does not properly escape its content. An attacker can inject arbitrary HTML into the SSR output by...

7.7CVSS5.5AI score0.00182EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/19 3:18 p.m.7 views

Svelte affected by XSS in SSR `<option>` element

In certain circumstances, the server-side rendering output of an element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected...

5.4CVSS5.5AI score0.00182EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/19 3:18 p.m.3 views

GHSA-H7H7-MM68-GMRC Svelte affected by XSS in SSR `<option>` element

In certain circumstances, the server-side rendering output of an element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected...

5CVSS5.5AI score0.00182EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/19 9:5 a.m.8 views

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 3:25 a.m.28 views

CVE-2025-13113

CVE-2025-13113 concerns the WordPress plugin “Web Accessibility by accessiBe.” The issue is an unauthenticated sensitive information exposure caused by the function accessibe_render_js_in_footer() logging the full plugin options array to the browser console on public pages. This output is not res...

5.3CVSS5.5AI score0.00282EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-21306

Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.51.5 Description Svelte is susceptible to cross-site scripting XSS during server-side rendering. Utilizing spread syntax with untrusted data can lead to the inclusion of event handler properties in the generated HTML...

5.4CVSS6.1AI score0.00189EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.4 views

PT-2026-20873

When using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...

5CVSS5.5AI score
Exploits0References3
Cvelist
Cvelist
added 2026/02/19 12:0 a.m.24 views

CVE-2025-55853

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery SSRF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTM...

0.00373EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20917

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.7.0 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Modifying chat history before version 0.7.0 allows manipulation of the html property within...

7.3CVSS4.8AI score0.00194EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-21305

Name of the Vulnerable Software and Affected Versions Svelte versions 5.39.3 through 5.51.4 Description Svelte is susceptible to a flaw where, under specific conditions, the server-side rendering of an element fails to properly escape its content. This can lead to potential HTML injection within...

5.4CVSS5.8AI score0.00182EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20592

Name of the Vulnerable Software and Affected Versions Web Accessibility by accessiBe versions up to and including 2.11 Description The Web Accessibility by accessiBe plugin for WordPress is susceptible to exposure of sensitive information. This occurs because the accessibe render js in footer...

5.3CVSS5AI score0.00282EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20881

Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.51.5 Description A flaw exists in Svelte where, during server-side rendering, the tag name provided to the component is not validated or sanitized before being included in the HTML output. This can lead to HTML...

5CVSS5.3AI score0.00189EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/18 10:44 p.m.3 views

Cross-site Scripting (XSS)

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering process of assistant identity values into an inline tag without proper escaping. An attacker can execute arbitrary JavaScript in the Control UI ...

6.8CVSS5.6AI score0.00228EPSS
Exploits1References2
NVD
NVD
added 2026/02/18 10:16 p.m.7 views

CVE-2026-27177

MajorDoMo aka Major Domestic Module contains a stored cross-site scripting XSS vulnerability via the /objects/?op=set endpoint, which is intentionally unauthenticated for IoT device integration. User-supplied property values are stored raw in the database without sanitization. When an administrat...

7.2CVSS0.00196EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-20513

Name of the Vulnerable Software and Affected Versions MajorDoMo versions affected versions not specified Description MajorDoMo contains a stored cross-site scripting XSS issue through the /objects/?op=set API endpoint. This endpoint is intentionally unauthenticated for integration with IoT device...

7.2CVSS5.1AI score0.00196EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.6 views

MajorDoMo 跨站脚本漏洞

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. MajorDoMo has a cross-site scripting vulnerability. This vulnerability stems from the /objects/?method endpoint, which allows unvalidated execution of stored methods. The parameters controlled by...

7.2CVSS5.8AI score0.00227EPSS
Exploits1References3
Rows per page
Query Builder