GHSA-92R3-M2MG-PJ97 Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Summary When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transformed output by supplying a...