Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
Vulnerability Description
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
solid 安全漏洞
Vulnerability Description
solid是SolidJS开源的一个用于构建用户界面的声明性、高效和灵活的 JavaScript 库。 solid存在安全漏洞,该漏洞源于JSX片段未正确转义用户输入,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A