Lucene search
K

6 matches found

OSV
OSV
added 2026/02/26 10:25 p.m.4 views

GHSA-QGVG-PR8V-6RR3 Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...

5.3CVSS5.4AI score0.00226EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/26 3:11 a.m.4 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the transformError function. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content that is not...

8CVSS6AI score0.00226EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/26 12:58 a.m.4 views

CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 12:58 a.m.21 views

CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...

5.3CVSS0.00226EPSS
Exploits0References3
CVE
CVE
added 2026/02/26 12:58 a.m.21 views

CVE-2026-27902

Svelte prior to version 5.53.5 is vulnerable to HTML injection and XSS in SSR error boundary hydration markers, caused by transformError not being properly escaped before HTML output. Attacker-controlled content returned from transformError could be embedded in the page. The issue is fixed in 5.5...

5.4CVSS5.3AI score0.00226EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/11 12:0 a.m.5 views

EulerOS 2.0 SP11 : libxslt (EulerOS-SA-2025-2236)

According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion...

7.5CVSS7.5AI score0.012EPSS
Exploits0References2
Rows per page
Query Builder