3 matches found
Cross-site Scripting (XSS)
Overview @react-router/dev is a Dev tools and CLI for React Router Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper neutralization of the HTTP Location header value in redirect HTML prerendering when using Framework Mode. An attacker can execute...
@c0va23/react-router-dev (=7.8.3-alpha.2), @holocron.so/cli (>=0.6.0 <=0.14.1) +15 more potentially affected by CVE-2026-23870 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.24)
@vitejs/plugin-rsc NPM version =0.4.11, =0.6.0, =0.5.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-experimental-2a6c7bc, =0.0.0-pr-32412-sha-4e0feb24, =1.0.2, =0.1.0, =0.0.1, =1.18.0-rsc.19, =0.1.0, =0.0.1-alpha.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-23870 Source advisory:...
@c0va23/react-router-dev (=7.8.3-alpha.2), @catmint/cli (>=0.0.0-prealpha.1 <=0.0.0-prealpha.26) +38 more potentially affected by CVE-2025-68155 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.26)
@vitejs/plugin-rsc NPM version =0.4.11, =0.0.0-prealpha.1, =0.0.0-prealpha.1, =0.2.0, =0.2.3, =0.2.4, =0.0.1-alpha.0, =16.2.6, =0.0.9, =0.6.0, =0.5.0, =0.0.0-experimental.1, =0.1.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-fff5d2d and more Source cves: CVE-2025-68155 Source advisory:...