CVE-2023-38687
Svelecte (Svelte) is vulnerable to XSS because item names are rendered as raw HTML without escaping, allowing arbitrary HTML/JavaScript execution when a dropdown is opened. The default item renderer and the commonly used custom item renderer are both affected. Impact depends on trustedness of ite...