3 matches found
CVE-2026-53633
A flaw was found in Vitest Browser Mode, a component of the Vitest testing framework. The cdp API exposed raw Chrome DevTools Protocol CDP methods without proper security restrictions. This vulnerability allows a remote attacker, with access to browser API metadata, to leverage CDP functions like...
Cross-site Scripting (XSS)
Overview vitest is a Next generation testing framework powered by Vite Affected versions of this package are vulnerable to Cross-site Scripting XSS via the otelCarrier query parameter being directly inserted into an inline script without sanitization. An attacker can execute arbitrary JavaScript ...
CVE-2025-24964 Remote Code Execution when accessing a malicious website while Vitest API server is listening
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking CSWSH attacks. When api option is enabled Vitest UI enables it, Vitest starts a...