GHSA-64VR-G452-QVP3 Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Summary We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name...