CVE-2026-27901: Svelte Content Editable Ssr Unescaped

Svelte SSR allowed contenteditable bindings (like innerText and textContent) to be improperly output without escaping, which can lead to Cross-Site Scripting (XSS).

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0

greprules fetch cve-2026-27901-svelte-content-editable-ssr-unescaped --engine opengrep

Description

Svelte SSR allowed contenteditable bindings (like innerText and textContent) to be improperly output without escaping, which can lead to Cross-Site Scripting (XSS).

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 146 downloads
0 direct146 via packs
· 0 stars · Quality score 77How quality works
Included packs: 2 packs

Community feedback

0 signals from signed-in users.

Useful: 0
False positive: 0
Metadata: 0