Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Svelte affected by cross-site scripting via spread attributes in Svelte SSR
Vulnerability Description
svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. This vulnerability is fixed in 5.51.5.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Svelte 跨站脚本漏洞
Vulnerability Description
Svelte是Svelte开源的一种构建 Web 应用程序的新方法。 Svelte 5.51.5之前版本存在跨站脚本漏洞,该漏洞源于服务器端渲染期间使用扩展语法时包含事件处理程序属性,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A