CVE-2025-27108
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
Description
> [!NOTE]
> This advisory was originally emailed to [email protected] by @nsysean.

To sum it up, the use of JavaScript's `.replace()` opens the door to XSS through the special replacement patterns beginning with `$`.

Particularly, when the attributes of the `Meta` tag from solid-meta are user-defined, attackers can utilise the special replacement patterns, either `$'` or `` $` ``, to achieve XSS.

The solid-meta package has this issue since it uses `useAffect` and context providers, which inject the used assets into the HTML header. "dom-expressions" uses `.replace()` to insert the assets, which is vulnerable to the special replacement patterns listed above.

This effectively means that if the attributes of an asset tag contain user-controlled data, it is vulnerable to XSS. For instance, there might be meta tags for the Open Graph protocol in a user profile page, but if attackers set the user query to some payload abusing `.replace()`, then they could execute arbitrary JavaScript in the victim's web browser. Moreover, it could be stored and cause more problems.
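
An added example (not code from the advisory or from dom-expressions) of the `.replace()` behaviour described above, with the string-replacement form beside two hardened forms. The template, the placeholder name and all helper functions are hypothetical, and the input value is constructed.

```javascript
// Constructed SSR template; the placeholder name is hypothetical.
const PLACEHOLDER = '<!--assets-->';
const TEMPLATE = `<html><head>${PLACEHOLDER}</head><body><p>page</p></body></html>`;

// Attribute escaping for a double-quoted value. "$" is not special in HTML,
// so it passes through untouched, which is why escaping alone does not help.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hypothetical head asset built from user-controlled data.
function metaTag(content) {
  return `<meta property="og:title" content="${escapeAttr(content)}">`;
}

// Vulnerable form: assets is the replacement *string*, so $', $`, $& and $$
// inside it are expanded by String.prototype.replace.
function injectUnsafe(template, assets) {
  return template.replace(PLACEHOLDER, assets);
}

// Hardened form: a replacer function's return value is inserted verbatim.
function injectSafe(template, assets) {
  return template.replace(PLACEHOLDER, () => assets);
}

// Alternative hardening: double every "$" so it is read as a literal "$".
function injectEscaped(template, assets) {
  return template.replace(PLACEHOLDER, assets.replace(/\$/g, '$$$$'));
}

// Constructed, benign input containing the $' pattern.
const assets = metaTag("Alice $' Bob");
console.log(injectUnsafe(TEMPLATE, assets)); // markup after the placeholder is copied into content=""
console.log(injectSafe(TEMPLATE, assets));   // content="Alice $' Bob" stays literal
console.log(injectEscaped(TEMPLATE, assets) === injectSafe(TEMPLATE, assets)); // true
```

In the unsafe output the unescaped markup that follows the placeholder ends up inside the attribute value, which is how the pattern bypasses the attribute escaping.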
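How to fix CVE-2025-27108
To fix CVE-2025-27108, upgrade the affected package to the patched version below.
- Upgrade to 0.39.5 or later
Is CVE-2025-27108 being exploited?
Low: EPSS is 0.3%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)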
- from 0, < 0.39.5
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|