Svelte · Svelte · CVE-2022-25875
**Name of the Vulnerable Software and Affected Versions**
svelte versions prior to 3.49.0
**Description**
The issue arises from improper input sanitization and improper escape of attributes when using objects during Server-Side Rendering (SSR), leading to Cross-site Scripting (XSS). This can be exploited via objects with a custom `toString()` function.
**Recommendations**
For versions prior to 3.49.0, update to version 3.49.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of objects with custom `toString()` functions in SSR until a patch is applied.