CVE-2025-27109

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-79
View all →

Vulnerability Description

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2019-10049

HIGH
CVSS:7.3(High)

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn op...

CWE-792019

CVE-2019-17331

HIGH
CVSS:7.3(High)

The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS)...

CWE-792019

CVE-2019-17332

HIGH
CVSS:7.3(High)

The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripti...

CWE-792019

CVE-2019-17338

HIGH
CVSS:7.3(High)

The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting ...

CWE-792019

CVE-2020-15154

HIGH
CVSS:7.3(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields...

CWE-792020

CVE-2020-15155

HIGH
CVSS:7.3(High)

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components is toolbar.php. The...

CWE-792020