Description

svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situation the final DOM tree rendered on browsers is different from what Svelte expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS). More specifically, this can occur when injecting malicious content into an attribute within a `noscript` tag. This issue has been addressed in release version 4.2.19. Users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-08-30T16:55:39.106Z

Last Modified :

2024-08-30T18:11:07.734Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45047 vulnerability.

Vendors Products
Svelte
  • Svelte
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45047.

URL Resource
https://github.com/sveltejs/svelte/security/advisories/GHSA-8266-84wp-wv5c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact