Svelte has a potential mXSS vulnerability due to improper HTML escaping

Description

A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19.

Recommendation

Update the svelte package to the latest compatible version. Followings are version details:

• Affected version(s): < 4.2.19
• Patched version(s): 4.2.19

References

• GHSA-8266-84wp-wv5c
• CVE-2024-45047
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• vue-i18n has cross-site scripting vulnerability with prototype pollution - @intlify/vue-i18n-core - CVE-2024-52809
• vue-i18n has cross-site scripting vulnerability with prototype pollution - CVE-2024-52809
• vue-i18n has cross-site scripting vulnerability with prototype pollution - @intlify/core - CVE-2024-52809
• Slim Select has potential Cross-site Scripting issue - CVE-2024-9440

You might also like:

How do hackers hack websites?

CSRF, XXE, and 12 Other Security Acronyms Explained

Exploiting Server Version Disclosure

Tags:

npm

svelte