- Description
- solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions, Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4, and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- security-advisories@github.com
- CWE-79
CVE-2025-27109 HIGH (7.3) solidjs - solid < 1.9.4 https://t.co/vIDPZNm8u4 https://t.co/dXVw5j5ZO0 #CyberCron #VulnAlert https://t.co/XuoiVVcu0X
@cybercronai
23 Feb 2025
Found 3 XSS vulnerabilities in @solid_js, with 2 of them having CVEs and 1 no fix. Thanks to the team for fixing the bugs swiftly! CVE-2025-27108, CVE-2025-27109 https://t.co/zGMcRirWhc https://t.co/IlQaUmWJO2
@ensyzip
22 Feb 2025