Astro - Reflected XSS via server islands feature

Astro 5.15.8 contains a reflected XSS caused by improper handling of server islands feature, letting remote attackers execute scripts, exploit requires use of server islands in the application. id: CVE-2025-64764 info: name: Astro - Reflected XSS via server islands feature author: DhiyaneshDk,zhe...

@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +18 more potentially affected by CVE-2025-64764 via astro (>=5.0.0-beta.5 <=5.15.6)

astro NPM version =5.0.0-beta.5, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.13.2, =0.1.8, =1.0.21, =1.0.22 and more Source cves: CVE-2025-64764 Source advisory: SNYK:JS-ASTRO-14059122...

CVE-2025-64764

Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component templates. This issue has been patched in version 5.15.8...