Lucene search
K

5 matches found

Cvelist
Cvelist
added yesterday21 views

CVE-2026-47428 Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Vitest is a testing framework powered by Vite. From 4.0.17 until 4.1.6 and 5.0.0-beta.3, Vitest Browser Mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script, allowing a crafted browser-runner URL to execute arbitrary JavaScript in the Vitest...

9.6CVSS0.0005EPSS
Exploits0References7
CVE
CVE
added yesterday40 views

CVE-2026-47428

Vitest browser mode is affected by an XSS in which the otelCarrier query parameter is inserted directly into an inline script. Affected versions are 4.0.17 through 4.1.6 and 5.0.0-beta.3; this can allow an attacker to craft a browser-runner URL to execute arbitrary JavaScript in the Vitest server...

9.6CVSS6.3AI score0.0005EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/01 2:12 p.m.45 views

Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

9.6CVSS6.1AI score0.0005EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/01 2:12 p.m.32 views

GHSA-2H32-95RG-CPPP Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

9.6CVSS6.1AI score0.0005EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.29 views

PT-2026-45491

Name of the Vulnerable Software and Affected Versions Vitest versions 4.0.17 through 4.1.5 Vitest versions 5.0.0-beta.0 through 5.0.0-beta.2 Description In browser mode, the software serves the '/ vitest test /' endpoint where the otelCarrier query parameter is inserted directly into an inline...

9.6CVSS6.5AI score0.0005EPSS
Exploits0References14
Rows per page
Query Builder