CVE-2026-42573

MEDIUM(6.1)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Risk Signal Score20/100 — NIEDRIG

CVSS 6.1 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.1

Technische Schwere

Beschreibung

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.

GitHub Advisories

GHSA-rcqx-6q8c-2c42MEDIUM

Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

npm/svelte→ 5.55.7

GitHub Advisory

Referenzen

https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42