ExploitReport

The Exploit Report — Portfolio React A single-page React si...

EUVD-2024-3078

Malicious code in bioql PyPI...

CVE-2024-47885

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting XSS in websites enables Astro's client-side routing and has stored attacker-controlled scriptless HTML elements i.e., iframe tag...

GHSA-M85W-3H95-HCF9 DOM Clobbering Gadget found in astro's client-side router that leads to XSS

Summary A DOM Clobbering gadget has been discoverd in Astro's client-side router. It can lead to cross-site scripting XSS in websites enables Astro's client-side routing and has stored attacker-controlled scriptless HTML elements i.e., iframe tags with unsanitized name attributes on the destinati...

DOM Clobbering Gadget found in astro's client-side router that leads to XSS

Summary A DOM Clobbering gadget has been discoverd in Astro's client-side router. It can lead to cross-site scripting XSS in websites enables Astro's client-side routing and has stored attacker-controlled scriptless HTML elements i.e., iframe tags with unsanitized name attributes on the destinati...

CVE-2024-47885

The CVE-2024-47885 entry relates to a DOM Clobbering gadget in Astro’s client-side router. Affected are Astro versions 3.0.0 through 4.16.0/4.16.1 pre-patch, where stored attacker-controlled scriptless HTML elements (e.g., iframe with unsanitized name attributes) on pages using ViewTransitions ca...

CVE-2024-47885 astro's client-side router has DOM Clobbering Gadget that leads to XSS

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting XSS in websites enables Astro's client-side routing and has stored attacker-controlled scriptless HTML elements i.e., iframe tag...

PT-2024-32873 · Astro · Astro

Name of the Vulnerable Software and Affected Versions: Astro versions 3.0.0 through 4.16.0 Description: The Astro web framework has a DOM Clobbering gadget in the client-side router. This issue can lead to cross-site scripting XSS in websites that enable Astro's client-side routing and have store...