CVE-2023-38687
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-38687 is a vulnerability that affects Svelecte, a flexible autocomplete/select component written in Svelte. This vulnerability allows for the injection of arbitrary HTML into the Svelecte dropdown, enabling the execution of untrusted JavaScript. Any website using Svelecte with dynamically created items from an external source or user-generated content could be at risk of cross-site scripting (XSS) attacks, clickjacking, or other malicious actions through arbitrary HTML injection. The severity of the impact depends on the trustworthiness of the source. Remediation for this vulnerability involves updating to a patched version of Svelecte or implementing proper input validation and escaping mechanisms for user-generated content.
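The escaping mitigation mentioned above, sketched as an added example (not code from Svelecte or from this advisory): untrusted item fields are HTML-escaped before the list is handed to a dropdown that renders labels as HTML. The field names `text`, `label` and `options` and the function names are assumptions; adjust them to the item schema actually in use.

```javascript
// Added example: escape untrusted display fields of dropdown items.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fields treated as display text (assumed names, not taken from the advisory).
const TEXT_FIELDS = ['text', 'label'];
// Field holding nested items for option groups (assumed name).
const GROUP_FIELD = 'options';

function sanitizeItems(items) {
  if (!Array.isArray(items)) throw new TypeError('items must be an array');
  return items.map((item) => {
    // A bare string item is display text itself.
    if (typeof item === 'string') return escapeHtml(item);
    // Other primitives (numbers, null, ...) carry no markup; pass through.
    if (item === null || typeof item !== 'object') return item;
    const clean = { ...item }; // shallow copy so the caller's data is not mutated
    for (const field of TEXT_FIELDS) {
      if (typeof clean[field] === 'string') clean[field] = escapeHtml(clean[field]);
    }
    if (Array.isArray(clean[GROUP_FIELD])) {
      clean[GROUP_FIELD] = sanitizeItems(clean[GROUP_FIELD]); // recurse into groups
    }
    return clean;
  });
}

// Constructed sample: items as they might arrive from an external source.
const untrusted = [
  { value: 1, text: 'Alice' },
  { value: 2, text: '<img src=x onerror=alert(1)>' },
  { label: 'Group', options: [{ value: 3, text: 'Tom & "Jerry"' }] },
  'plain <b>string</b>',
];

const safeItems = sanitizeItems(untrusted);
console.log(JSON.stringify(safeItems, null, 2));
```

Escape at one layer only: if the component version in use already escapes labels, running this as well will show the entity text literally.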