XSS in Sveltejs Kit
CVE-2024-53261
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (48.1th percentile)
Affected products
- Sveltejs Kit — versions < 2.8.3
Weakness classification (CWE)
References
- https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h (x_refsource_CONFIRM)
- https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438 (x_refsource_MISC)