XSS in Sveltejs Kit
CVE-2024-53262
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page…
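The unescaped placeholder replacement described above, reduced to a minimal sketch beside an escaped version. This is an added example, not SvelteKit's code or the fix from the referenced commit: the function names and the template are constructed, and the placeholder names are the ones SvelteKit documents for `error.html`.

```javascript
// Added illustration; not SvelteKit source. All function names are hypothetical.
// Constructed template with the two placeholders documented for error.html.
const TEMPLATE =
  '<!doctype html><html><head><title>%sveltekit.status%</title></head>' +
  '<body><h1>%sveltekit.status%</h1><p>%sveltekit.error.message%</p></body></html>';

// Encode the characters that can switch the HTML parsing context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Single-pass substitution. A replacer function is used so that "$&"-style
// sequences in a value are not interpreted by String.prototype.replace, and so
// that a value containing a placeholder is not expanded a second time.
function fill(template, values, encode) {
  return template.replace(
    /%sveltekit\.(status|error\.message)%/g,
    (_match, key) => encode(String(values[key]))
  );
}

// Vulnerable pattern: values are written into the page verbatim.
function renderErrorUnsafe(status, message) {
  return fill(TEMPLATE, { status, 'error.message': message }, (v) => v);
}

// Hardened pattern: every value is HTML-escaped before substitution.
function renderErrorSafe(status, message) {
  return fill(TEMPLATE, { status, 'error.message': message }, escapeHtml);
}

// Constructed sample: an error message that carries markup.
const SAMPLE_MESSAGE = 'Not found: <em>injected</em> & "quoted"';

console.log(renderErrorUnsafe(404, SAMPLE_MESSAGE)); // markup reaches the page
console.log(renderErrorSafe(404, SAMPLE_MESSAGE));   // markup rendered as text
```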
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (41.1th percentile)
Affected products
- Sveltejs Kit — versions < 2.8.3
Weakness classification (CWE)
References
- https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv (x_refsource_CONFIRM)
- https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794 (x_refsource_MISC)
- https://kit.svelte.dev/docs/errors (x_refsource_MISC)