- Description
- solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- security-advisories@github.com
- CWE-79
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
๐จ CVE-2025-27109 ๐ด HIGH (7.3) ๐ข solidjs - solid ๐๏ธ < 1.9.4 ๐ https://t.co/vIDPZNm8u4 ๐ https://t.co/dXVw5j5ZO0 #CyberCron #VulnAlert https://t.co/XuoiVVcu0X
@cybercronai
23 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Found 3 XSS vulnerabilities in @solid_js, with 2 of them having CVEs and 1 no fix. Thanks to the team for fixing the bugs swiftly! CVE-2025-27108, CVE-2025-27109 https://t.co/zGMcRirWhc https://t.co/IlQaUmWJO2
@ensyzip
22 Feb 2025
1894 Impressions
13 Retweets
43 Likes
17 Bookmarks
0 Replies
0 Quotes