2 matches found
GHSA-MJF5-7G4M-GX5W Storybook Dev Server is Vulnerable to WebSocket Hijacking
Summary The WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability only affects the Storybook dev server; production builds are not impacted. Details Exploitation requires a developer to visit a malicious...
CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting XSS vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...