EPSS
Percentile
34.5%
svelte is vulnerable to cross-site scripting. An attacker is able to inject and execute a malicious script via objects with a custom toString() function during SSR (Server-Side Rendering).
github.com/sveltejs/svelte/commit/f8605d6acbf66976da9b4547f76e90e163899907
github.com/sveltejs/svelte/pull/7530
github.com/sveltejs/svelte/pull/7530%23issuecomment-1158575990