Svelte has a potential mXSS vulnerability due to improper HTML escaping

Description

A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19.

Recommendation

Update the svelte package to the latest compatible version. Followings are version details:

• Affected version(s): < 4.2.19
• Patched version(s): 4.2.19

References

• GHSA-8266-84wp-wv5c
• CVE-2024-45047
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• vue-i18n has cross-site scripting vulnerability with prototype pollution (GHSA-9r9m-ffp6-9x4v) 2 - CVE-2024-52809
• CouchAuth has a Server-Side Template Injection vulnerability in its email functionality - CVE-2024-57177
• @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking - CVE-2025-25285
• DOMpurify has a nesting-based mXSS - CVE-2024-47875

Tags:

npm

svelte