DOM-based XSS @remix-run/router Dependency in Confluence Data Center

This High severity DOM-based XSS vulnerability was introduced in versions 9.0.1, 9.0.3, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A...

@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects

A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintend...

DOM-based XSS @remix-run/router Dependency in Crowd Data Center

This High severity DOM-based XSS vulnerability was introduced in version 7.1.0 of Crowd Data Center. This DOM-based XSS vulnerability, with a CVSS Score of 8 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N allows an unauthenticated attacker to execute arbitrary HTML or JavaScrip...

SUSE CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

Linux Distros Unpatched Vulnerability : CVE-2026-22029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open...

CVE-2026-22029

CVE-2026-22029 stems from React Router/Remix Router open redirects in framework-mode redirects. Affected: @remix-run/router <1.23.2 and react-router <7.12.0 (7.0.0–7.11.0). Impact: unsafe URLs and potentially unintended JavaScript execution on the client when redirects originate from loader...

CVE-2026-22029 React Router vulnerable to XSS via Open Redirects

React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

Cross-site Scripting (XSS)

Overview @remix-run/router is a Nested/Data-driven/Framework-agnostic Routing Affected versions of this package are vulnerable to Cross-site Scripting XSS in the navigation redirect process for loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes. An attacker can execute...

@1023-ventures/merope2 (>=0.2.1 <=0.2.9), @1023-ventures/vega-core (>=0.5.0 <=0.6.2) +948 more potentially affected by CVE-2026-22029 via @remix-run/router (>=1.0.0 <=1.23.2-pre-v6.0)

@remix-run/router NPM version =1.0.0, =0.2.1, =0.5.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =2.7.0, =0.0.1, =0.1.0, =0.0.0, =23.1.12, =1.0.1, =0.0.6, =0.1.2 and more Source cves: CVE-2026-22029 Source advisory: SNYK:JS-REMIXRUNROUTER-14908530...

Open Redirect

Overview @remix-run/router is a Nested/Data-driven/Framework-agnostic Routing Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially...