Cross-site Scripting (XSS)

urql/next is vulnerable to Cross-site scripting XSS. The vulnerability is due to improper sanitization of HTML-like characters in the response stream. An attacker can inject malicious scripts by ensuring that the response returns html tags and that the web-application is using streamed responses...

CVE-2024-24556 XSS in @urql/next

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...