Lucene search
K

4917 matches found

EUVD
EUVD
added 2026/01/10 2:39 a.m.4 views

EUVD-2026-1467

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

6.5CVSS6.3AI score0.00198EPSS
Exploits0References2
OSV
OSV
added 2026/01/10 2:39 a.m.9 views

CVE-2025-68470 React Router has unexpected external redirect via untrusted paths

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

6.5CVSS6.7AI score0.00198EPSS
Exploits0References3
CVE
CVE
added 2026/01/10 2:39 a.m.27 views

CVE-2025-68470

CVE-2025-68470 affects React Router (versions 6.0.0–6.30.1 and 7.0.0–7.9.5). An attacker-supplied path can cause a navigation/redirect to an external URL when navigating via navigate(), Link, or redirect(), if untrusted content is used in navigation paths. The issue is addressed in React Router b...

6.5CVSS6.4AI score0.00198EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/10 2:39 a.m.4 views

CVE-2025-68470 React Router has unexpected external redirect via untrusted paths

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

6.5CVSS6.4AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

react-router 跨站脚本漏洞

react-router is a Remix open source declarative routing for React. A cross-site scripting vulnerability exists in react-router versions 7.0.0 through 7.8.2, which stems from a cross-site scripting vulnerability when generating script:ld+json tags in framework mode, which could lead to the executi...

7.6CVSS6AI score0.00448EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.5 views

PT-2026-2120

Name of the Vulnerable Software and Affected Versions @remix-run/react versions prior to 2.17.3 react-router versions 7.0.0 through 7.11.0 Description React Router, a router for React, contains a cross-site scripting XSS issue within the API when operating in Framework Mode during Server-Side...

8.2CVSS5.8AI score0.00472EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

react-router 跨站脚本漏洞

react-router is a Remix open source declarative routing for React. A cross-site scripting vulnerability exists in React Router version 7.11.0 and earlier, which stems from the fact that an open navigation redirect may lead to an insecure URL, which could result in accidental client-side execution...

8CVSS5.9AI score0.0077EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.3 views

react-router 跨站请求伪造漏洞

react-router is a Remix open source declarative routing for React. A cross-site request forgery vulnerability exists in react-router version 7.11.0 and earlier, which stems from the vulnerability to a cross-site request forgery attack against document POST requests when using a server-side route...

6.5CVSS6.4AI score0.00128EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.7 views

PT-2026-1914

Name of the Vulnerable Software and Affected Versions React Router versions 6.0.0 through 6.30.1 React Router versions 7.0.0 through 7.9.5 Description A crafted path supplied by an attacker can cause a React Router application to navigate or redirect to an external URL when using navigate, , or...

6.5CVSS6.5AI score0.00198EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.3 views

react-router 输入验证错误漏洞

react-router is a Remix open source declarative routing for React. An input validation error vulnerability exists in React Router versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, which originates in specially crafted routes and could lead to redirection attacks...

6.5CVSS6.3AI score0.00198EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

react-router 跨站脚本漏洞

react-router is a Remix open source declarative routing for React. A cross-site scripting vulnerability exists in React Router versions 7.0.0 through 7.11.0 that stems from the use of untrusted content to generate keys during server-side rendering, which could lead to a cross-site scripting attac...

8.2CVSS5.7AI score0.00472EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.8 views

PT-2026-2138

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.11.0 @remix-run/server-runtime versions prior to 2.17.3 Description React Router, used as a router for React applications, is susceptible to Cross-Site Request Forgery CSRF attacks. This affects document...

6.5CVSS6.4AI score0.00128EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.5 views

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

9.8CVSS9.6AI score0.00891EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.5 views

CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

5.4CVSS6.8AI score0.00795EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:55 a.m.14 views

CVE-2020-12113

BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used...

6.1CVSS5.8AI score0.00947EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.48 views

CVE-2023-25572

react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...

5.4CVSS5.4AI score0.00694EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.8 views

CVE-2022-31103

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

7.5CVSS6.5AI score0.01383EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/09 2:8 a.m.3 views

EUVD-2026-1839

Malicious code in secguest-react-lib npm...

6.6AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/08 8:57 p.m.10 views

React Router has CSRF issue in Action/Server Action Request Processing

React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...

6.5CVSS5.5AI score0.00128EPSS
Exploits0References3Affected Software2
Snyk
Snyk
added 2026/01/08 8:57 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...

6.9CVSS6.8AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder