8655 matches found
Cross-site Scripting (XSS)
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the corrected variable in the error page template when the trailingSlash configuration is set to 'always...
EUVD-2025-175382
Astro development server error page vulnerable to reflected Cross-site Scripting...
GHSA-W2VJ-39QV-7VH7 Astro development server error page is vulnerable to reflected Cross-site Scripting
Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...
Astro development server error page is vulnerable to reflected Cross-site Scripting
Summary A Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this...
CVE-2025-64745
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745
CVE-2025-64745 affects Astro’s development server only. When trailingSlash is enabled, the dev 404 page can reflect an attacker-controlled pathname and inject arbitrary JavaScript, enabling a reflected XSS in the victim’s browser. Affected versions: 5.2.0 up to 5.15.5; fixed in 5.15.6. Impact is ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
EUVD-2025-179299
Malicious code in development-webdriver-mocha-leda-bellatrix npm...
EUVD-2025-179307
Malicious code in development-dependencies-cybernetics-cryptography npm...
EUVD-2025-179298
Malicious code in development-xerxes-dagda-repository npm...
EUVD-2025-178272
Malicious code in jovian-development-meissa-configstore npm...
EUVD-2025-177680
Malicious code in nebula-development-less-loader-achernar npm...
EUVD-2025-180091
Malicious code in betelgeuse-development-heliophysics-cordelia npm...
EUVD-2025-177224
Malicious code in phenomic-prettier-stylelint-development-library npm...
EUVD-2025-177119
Malicious code in pm2-development-postcss-callback npm...
EUVD-2025-179277
Malicious code in dorado-development-troposphere-futurology npm...
EUVD-2025-179300
Malicious code in development-warp-geoarchaeology-odin npm...
EUVD-2025-177930
Malicious code in mdx-development-elara-stratosphere npm...