4 matches found
CVE-2026-41067
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...
CVE-2026-41067
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline ,...
Astro 跨站脚本漏洞
Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 6.1.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of case-sensitive regular expressions in the defineScriptVars function, which cleaned and injected...
Cross-site Scripting (XSS)
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the defineScriptVars function due to incomplete sanitization of closing tags within injected variables. A...