Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/02/20 10:28 p.m.32 views

CVE-2026-27122 Svelte SSR does not validate dynamic element tag names in `<svelte:element>`

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5CVSS0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.5 views

PT-2026-20873

When using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...

5CVSS5.5AI score
Exploits0References3
NVD
NVD
added 2025/11/21 9:15 a.m.6 views

CVE-2025-13141

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gutenberg blocks in all versions up to, and including, 3.0.0 due to insufficient input validation on user-supplied HTML tag names. This is due to the lack of a tag name...

6.4CVSS0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/20 12:0 a.m.4 views

MISP 跨站脚本漏洞

MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which...

5.4CVSS5.7AI score0.00786EPSS
Exploits1References6
Rows per page
Query Builder