175 matches found
GHSA-W2VJ-39QV-7VH7 Astro development server error page is vulnerable to reflected Cross-site Scripting
Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...
Astro development server error page is vulnerable to reflected Cross-site Scripting
Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...
CVE-2025-64745
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745
CVE-2025-64745 affects Astro’s development server only. When trailingSlash is enabled, the dev 404 page can reflect an attacker-controlled pathname and inject arbitrary JavaScript, enabling a reflected XSS in the victim’s browser. Affected versions: 5.2.0 up to 5.15.5; fixed in 5.15.6. Impact is ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
PT-2025-46907
Name of the Vulnerable Software and Affected Versions Astro versions 5.2.0 through 5.15.6 Description A Reflected Cross-Site Scripting XSS vulnerability exists in Astro’s development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScrip...
Astro 跨站脚本漏洞
Astro is a web framework for content-driven websites in the Astro open source. A cross-site scripting vulnerability exists in Astro versions 5.2.0 through prior to 5.15.6, which stems from a reflective cross-site scripting vulnerability in the development server error page that could lead to the...
EUVD-2025-114477
Malicious code in development-server-electron-builder-hermes npm...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
Details have emerged about a now-patched critical security flaw in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system OS commands under certain conditions. "The vulnerability allows remote unauthenticated attackers to easily...
EUVD-2025-37505
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
@react-native-community/cli has arbitrary OS command injection
The Metro Development Server, which is opened by the React Native CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
CVE-2025-11953
The CVE-2025-11953 issue affects the React Native Community CLI Server API Node.js Package (versions 4.8.0 up to, but not including, 20.0.0). The Metro Development Server bound to external interfaces exposes an endpoint vulnerable to OS command injection, enabling unauthenticated network attacker...
CVE-2025-11953 Command injection in React Native Community CLI allows remote attackers to perform remote code execution by sending HTTP requests
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...
PT-2025-42804
Name of the Vulnerable Software and Affected Versions Vite versions 2.9.18 through 3.0.0 Vite versions 3.2.9 through 4.0.0 Vite versions 4.5.3 through 5.0.0 Vite versions 5.2.6 through 5.4.21 Vite versions 6.0.0 through 6.4.1 Vite versions 7.0.0 through 7.0.8 Vite versions 7.1.0 through 7.1.11...