Description
Svelte is a performance-oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped before being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the issue.
Vulnerable configurations
Configuration 1: versions from 5.53.0 (inclusive) to 5.53.5 (exclusive)
cpe:2.3:a:svelte:svelte:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 9%
0.00032
Low
CVSS3: 5.4 Medium
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 4.2
redhat
30 days ago
Svelte is a performance-oriented web framework. Prior to version 5.53.5, errors from `transformError` were not correctly escaped before being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from `transformError`. Version 5.53.5 fixes the issue.
github
29 days ago
Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers