Количество 3
Количество 3
CVE-2026-27901
Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server. Version 5.53.5 fixes the issue.
CVE-2026-27901
Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server. Version 5.53.5 fixes the issue.
GHSA-phwv-c562-gvmh
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-27901 Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server. Version 5.53.5 fixes the issue. | CVSS3: 5.4 | 0% Низкий | около 1 месяца назад |
 | CVE-2026-27901 Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server. Version 5.53.5 fixes the issue. | CVSS3: 6.1 | 0% Низкий | 30 дней назад |
| GHSA-phwv-c562-gvmh Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent` | 0% Низкий | 29 дней назад |
Уязвимостей на страницу