PT-2026-22077 · Svelte · Svelte
Maksyche · Published 2026-02-26 · Updated 2026-03-05
CVE-2026-27902
CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Svelte versions prior to 5.53.5
Description
Errors originating from the transformError function were not properly sanitized before being included in the HTML output. This could lead to potential HTML injection and cross-site scripting (XSS) if the transformError function returns content controlled by an attacker. The transformError function is responsible for handling and formatting errors during the transformation process.
Recommendations
Update to Svelte version 5.53.5 or later.
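
The bug class from the description, as an added example that is not Svelte's code or part of the original advisory: a simplified model in which the result of an error-transform hook is written into HTML with and without escaping. The renderer functions, the markup, the hook's signature and the sample error are all assumptions made for illustration.

```javascript
// Simplified model of the bug class. NOT Svelte's implementation:
// renderFallbackUnsafe, renderFallbackSafe and the <p> markup are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text be parsed as markup or break out of an attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Application-supplied hook (signature assumed): turns a thrown error into
// something displayable. It echoes error.message, which can carry request data.
function transformError(error) {
  return { message: error.message };
}

// "Before": the hook result is concatenated into the markup as-is.
function renderFallbackUnsafe(error) {
  const { message } = transformError(error);
  return `<p class="error">${message}</p>`;
}

// "After": the hook result is treated as untrusted text and escaped at the sink.
function renderFallbackSafe(error) {
  const { message } = transformError(error);
  return `<p class="error">${escapeHtml(message)}</p>`;
}

// Constructed sample: an error whose message embeds a user-supplied value.
const userInput = '<img src=x onerror=alert(1)>';
const sampleError = new Error(`Unknown product: ${userInput}`);

// Regression check: true when the output contains any tag besides the wrapper <p>.
function introducesMarkup(html) {
  const inner = html.replace(/^<p class="error">/, '').replace(/<\/p>$/, '');
  return /<[a-z!\/]/i.test(inner);
}

console.log('unsafe:', renderFallbackUnsafe(sampleError));
console.log('safe:  ', renderFallbackSafe(sampleError));
```

A check like introducesMarkup can be kept as a regression test in an application that passes user-influenced data through its own error-formatting hook, independent of the framework upgrade.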
Exploit
Fix
XSS
Affected Products
Svelte