Home > Vulnerability Database > CVE-2025-27109

Mend.io Vulnerability Database

CVE-2025-27109

Good to know:

Date: February 21, 2025

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

7.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27109

Url: https://github.com/solidjs/solid/commit/b93956f28ed75469af6976a98728e313d0edd236

Url: https://github.com/solidjs/solid

Url: https://github.com/solidjs/solid/security/advisories/GHSA-3qxh-p7jc-5xh6

Url: https://www.mend.io/vulnerability-database/CVE-2025-27109

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Improper Encoding or Escaping of Output

CWE-116

Top Fix

Upgrade Version

Upgrade to version solid-js - 1.9.4

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27109

Good to know:

Date: February 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?