417 matches found
PT-2026-25020
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...
CVE-2026-32106
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...
PT-2026-24822
Summary The REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts...
PT-2026-24821
Summary The updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account id !== userData.user.id. Any authenticated visitor...
PT-2026-24840
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...
EUVD-2026-10555
StudioCMS has Privilege Escalation via Insecure API Token Generation...
react-router: @remix-run/react: React Router SSR XSS in ScrollRestoration
A cross site scripting flaw has been discovered in the npm react-router package. The cross site scripting XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during...
react-router: @remix-run/router: React Router XSS Vulnerability
The cross site scripting flaw has been discovered in the npm react-router package. A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate...
CVE-2026-27738
The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...
CVE-2026-27739
The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...
Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...
GHSA-QGVG-PR8V-6RR3 Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...
GHSA-PHWV-C562-GVMH Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...
CVE-2026-27902
A cross-site scripting XSS vulnerability was found in Svelte’s server-side rendering SSR error handling. Error messages returned from the transformError function were not properly escaped before being embedded into HTML output within hydration markers. If an application returns attacker-controlle...
Cross-site Scripting (XSS)
Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary scripts in the...
Cross-site Scripting (XSS)
Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary...
Cross-site Scripting (XSS)
Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the transformError function. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content that is not...
CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...
CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...