Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit
Vulnerability Description
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." The files `packages/kit/src/exports/vite/dev/index.js` and `packages/kit/src/exports/vite/utils.js` both contain user controllable data which under specific conditions may flow to dev mode pages. There is little to no expected impact. The Vite development is not exposed to the network by default and even if someone were able to trick a developer into executing an XSS against themselves, a development database should not have any sensitive data. None the less this issue has been addressed in version 2.8.3 and all users are advised to upgrade.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
SvelteKit 跨站脚本漏洞
Vulnerability Description
SvelteKit是Svelte开源的一套Web 开发框架。 SvelteKit 2.8.3之前版本存在跨站脚本漏洞,该漏洞源于存在输入数据未净化和特定文件中用户可控数据流向问题,从而导致容易受到跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A