Lucene search
K

7 matches found

NVD
NVD
added 2026/06/22 7:17 p.m.30 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS0.00177EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:31 p.m.6 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS5.9AI score0.00177EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/22 5:31 p.m.22 views

CVE-2026-50146

CVE-2026-50146 affects the Astro web framework prior to 6.3.3. When a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without escaping the slot name, allowing an attacker to break out of the attribute context and inject arbitrary HTML, re...

7.1CVSS5.9AI score0.00177EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 5:31 p.m.33 views

CVE-2026-50146 Astro: Reflected XSS via unescaped slot name

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS0.00177EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/16 2:5 p.m.10 views

Cross-site Scripting (XSS)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-astro-template attribute when a component uses a client: directive and the slot name is not...

7.1CVSS5.8AI score0.00177EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49731

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...

7.1CVSS6AI score0.00177EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/24 2:13 p.m.5 views

CVE-2026-28755

NGINX Plus and NGINX Open Source have a vulnerability in the ngxstreamsslmodule module due to the improper handling of revoked certificates when configured with the sslverifyclient on and sslocsp on directives, allowing the TLS handshake to succeed even after an OCSP check identifies the...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder