Maurício Kishi

1 exploit Active since Jul 2022
CVE-2022-25875 WRITEUP MEDIUM WRITEUP
svelte < 3.49.0 - Cross-Site Scripting via Custom toString Function in SSR
The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString() function.
CVSS 5.4