6 matches found
GHSA-QGVG-PR8V-6RR3 Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...
Cross-site Scripting (XSS)
Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the transformError function. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content that is not...
CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...
CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...
CVE-2026-27902
Svelte prior to version 5.53.5 is vulnerable to HTML injection and XSS in SSR error boundary hydration markers, caused by transformError not being properly escaped before HTML output. Attacker-controlled content returned from transformError could be embedded in the page. The issue is fixed in 5.5...
EulerOS 2.0 SP11 : libxslt (EulerOS-SA-2025-2236)
According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion...