CNNVD-202601-2566 Information
Jan 15, 2026
cve
CNNVD ID
CNNVD-202601-2566
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
Svelte是Svelte开源的一种构建 Web 应用程序的新方法。 Svelte 5.46.3之前版本存在跨站脚本漏洞,该漏洞源于异步水合过程中未对攻击者控制的密钥进行HTML安全转义,可能导致远程脚本执行。
Description (English)
Svelte is a new method of building Web applications from the Svelte Open Source. The pre-Svelte 5.46.3 version had a cross-site script loophole, which stemmed from the fact that the key controlled by the attacker was not safely transposed by HTML during the walk-in.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Svelte
Published
2026-01-15
Last Modified
2026-02-24
References
https://fluidattacks.com/advisories/lydian https://github.com/sveltejs/svelte/security/advisories/GHSA-6738-r8g5-qwp3
Patch
https://github.com/sveltejs/svelte/releases
Share on: