Lucene search
K

417 matches found

EUVD
EUVD
added 2026/01/10 2:41 a.m.5 views

EUVD-2026-1466

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS5.9AI score0.00472EPSS
Exploits0References2
CVE
CVE
added 2026/01/10 2:41 a.m.27 views

CVE-2026-21884

CVE-2026-21884 is a Cross-Site Scripting (XSS) vulnerability in React Router SSR usage. Affected: @remix-run/react prior to 2.17.3 and react-router 7.0.0–7.11.0. Root cause: during Server-Side Rendering in Framework Mode, using getKey/storageKey with can allow arbitrary JavaScript execution if u...

8.2CVSS6.1AI score0.00472EPSS
Exploits0References8Affected Software2
Cvelist
Cvelist
added 2026/01/10 2:41 a.m.25 views

CVE-2026-21884 React Router SSR XSS in ScrollRestoration

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS0.00472EPSS
Exploits0References1
OSV
OSV
added 2026/01/10 2:41 a.m.3 views

CVE-2026-21884 React Router SSR XSS in ScrollRestoration

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS6.2AI score0.00472EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/10 2:40 a.m.4 views

CVE-2025-59057 React Router has XSS Vulnerability

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS6.1AI score0.00448EPSS
Exploits0References1
CVE
CVE
added 2026/01/10 2:40 a.m.25 views

CVE-2025-59057

CVE-2025-59057 concerns an XSS vulnerability in React Router’s meta()/ APIs when used in Framework Mode. Affected software includes React Router 7.0.0–7.8.2 and @remix-run/react 1.15.0–2.17.0; the issue can enable arbitrary JavaScript execution during SSR if untrusted content is used to generate ...

7.6CVSS6.1AI score0.00448EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2026/01/10 2:40 a.m.5 views

CVE-2025-59057 React Router has XSS Vulnerability

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS6.4AI score0.00448EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.7 views

react-router 跨站脚本漏洞

react-router is a Remix open source declarative routing for React. A cross-site scripting vulnerability exists in react-router versions 7.0.0 through 7.8.2, which stems from a cross-site scripting vulnerability when generating script:ld+json tags in framework mode, which could lead to the executi...

7.6CVSS6AI score0.00448EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.8 views

CVE-2024-41677

Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...

6.3CVSS5.8AI score0.00469EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/08 8:50 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ScrollRestoration API when using the getKey or storageKey props during server-side rendering in Framework Mode. An attacker can execute arbitrary JavaScript code by supplying untrusted content to generat...

8.2CVSS5.4AI score0.00472EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/08 8:50 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ScrollRestoration API when using the getKey or storageKey props during server-side rendering in Framework Mode. An attacker can execute arbitrary JavaScript code by supplying untrusted content to generat...

8.2CVSS5.4AI score0.00472EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/08 8:50 p.m.2 views

Cross-site Scripting (XSS)

Overview @remix-run/react is a React DOM bindings for Remix Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ScrollRestoration API when using the getKey or storageKey props during server-side rendering in Framework Mode. An attacker can execute arbitrary...

8.2CVSS5.4AI score0.00472EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/08 8:50 p.m.7 views

React Router SSR XSS in ScrollRestoration

A XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. !NOTE This does not impact applications if...

8.2CVSS6.5AI score0.00472EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/01/08 8:50 p.m.2 views

GHSA-8V8X-CX79-35W7 React Router SSR XSS in ScrollRestoration

A XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. !NOTE This does not impact applications if...

8.2CVSS6.3AI score0.00472EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/08 8:42 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the...

7.6CVSS5.4AI score0.00448EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/08 8:42 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the...

7.6CVSS5.4AI score0.00448EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/08 8:42 p.m.25 views

React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/01/08 8:42 p.m.4 views

GHSA-3CGP-3XVW-98X8 React Router has XSS Vulnerability

A XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. !NOTE This does not impact applications using Declarative Mode or Data Mod...

7.6CVSS6.4AI score0.00448EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.5 views

PT-2026-2120

Name of the Vulnerable Software and Affected Versions @remix-run/react versions prior to 2.17.3 react-router versions 7.0.0 through 7.11.0 Description React Router, a router for React, contains a cross-site scripting XSS issue within the API when operating in Framework Mode during Server-Side...

8.2CVSS5.8AI score0.00472EPSS
Exploits0References19
Veracode
Veracode
added 2025/12/15 4:44 p.m.7 views

Prototype Pollution

Vuetify is vulnerable to Prototype Pollution. The vulnerability is due to the internal mergeDeep utility merging user-supplied preset objects without proper safeguards, which allows an attacker to supply a crafted preset to pollute JavaScript object prototypes and potentially cause denial of...

8.6CVSS7AI score0.00281EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder