to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise.\nThis issue affects Svelte: from 5.46.0 before 5.46.3.","inLanguage":"en-US","mainEntityOfPage":{"@type":"WebPage","@id":"https://intel.enki-guard.com/vulnerability/CVE-2025-15265-svelte-ssr-xss-via-unsafe-script-injection"},"url":"https://intel.enki-guard.com/vulnerability/CVE-2025-15265-svelte-ssr-xss-via-unsafe-script-injection","identifier":"CVE-2025-15265","keywords":"CVE-2025-15265, CVE, vulnerability, security advisory, Medium severity","about":{"@type":"Thing","name":"CVE-2025-15265","identifier":"CVE-2025-15265"},"author":{"@type":"Organization","name":"AnKi Security OÜ","url":"https://anki-security.com"},"publisher":{"@type":"Organization","name":"Enki CVE Intelligence","url":"https://intel.enki-guard.com","logo":{"@type":"ImageObject","url":"https://intel.enki-guard.com/og/static/home.png"}},"datePublished":"2026-01-15T20:16:03+00:00","dateModified":"2026-01-23T19:04:53+00:00","image":"https://intel.enki-guard.com/og/cve/CVE-2025-15265.png"}