416 matches found

VulnCheck KEV
added 2025/06/08 12:0 a.m., 3 views

VulnCheck KEV: CVE-2024-46982

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce...

CVSS 7.5 · AI score 5.8 · EPSS 0.60625
Exploits: 3 · References: 1

RedhatCVE
added 2025/05/23 8:6 a.m., 11 views

CVE-2024-45047

svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...

CVSS 6.1 · AI score 5.8 · EPSS 0.00344
Exploits: 1

RedhatCVE
added 2025/05/22 10:12 p.m., 6 views

CVE-2022-24717

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.5, a cross site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. While there is no known...

CVSS 6.1 · AI score 5.6 · EPSS 0.00852
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/06 12:0 a.m., 6 views

PT-2025-19842 · Qualcomm · Snapdragon +19

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to memory corruption that occurs during concurrent Server-Side Rendering (SSR) execution. This corruption is caused by a race condition on the global maps list...

CVSS 7.8 · AI score 6.3 · EPSS 0.00088
Exploits: 0 · References: 6

SUSE CVE
added 2025/04/28 2:36 p.m., 3 views

SUSE CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVSS 7.5 · AI score 8.2 · EPSS 0.23628
Exploits: 0 · References: 3

NVD
added 2025/04/25 1:15 a.m., 39 views

CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVSS 7.5 · EPSS 0.23628
Exploits: 0 · References: 3

OSV
added 2025/04/25 12:18 a.m., 7 views

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVSS 7.5 · AI score 7 · EPSS 0.23628
Exploits: 0 · References: 5

Github Security Blog
added 2025/04/24 4:31 p.m., 20 views

React Router allows a DoS via cache poisoning by forcing SPA mode

Summary: After some research, it turns out that it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this...

CVSS 7.5 · AI score 6.9 · EPSS 0.23628
Exploits: 0 · References: 5 · Affected Software: 1

RedhatCVE
added 2025/02/05 9:41 p.m., 9 views

CVE-2022-24718

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 7.6 · AI score 6.5 · EPSS 0.01113
Exploits: 0 · References: 1

Veracode
added 2024/09/18 6:58 a.m., 11 views

Cache Poisoning

Next is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of crafted HTTP requests, causing the incorrect caching of non-dynamic server-side rendered routes in the pages router. It allows an attacker to manipulate the cache, potentially serving stale or incorrect conten...

CVSS 7.5 · AI score 7.4 · EPSS 0.60625
Exploits: 3 · References: 4 · Affected Software: 1

OSV
added 2024/09/17 9:58 p.m., 2 views

GHSA-GP8F-8M3G-QVJ9 Next.js Cache Poisoning

Impact: By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a...

CVSS 8.7 · AI score 5.8 · EPSS 0.60625
Exploits: 3 · References: 5

CVE
added 2024/09/17 9:55 p.m., 574 views

CVE-2024-46982

CVE-2024-46982 affects Next.js pages router SSR caching: crafted requests can poison non-dynamic SSR routes (e.g., pages/dashboard.tsx) and lead to caching of sensitive responses with Cache-Control: s-maxage=1, stale-while-revalidate, potentially spreading via upstream CDNs. Affected versions are...

CVSS 7.5 · AI score 7.3 · EPSS 0.60625
Exploits: 3 · References: 3 · Affected Software: 1

Veracode
added 2024/09/02 4:13 a.m., 7 views

Cross Site Scripting (XSS)

Svelte is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper HTML escaping during server-side rendering, allowing an attacker to inject malicious content and execute unauthorized scripts in the victim's browser...

CVSS 6.1 · AI score 6.1 · EPSS 0.00344
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/08/30 4:49 p.m., 2 views

GHSA-8266-84WP-WV5C Svelte has a potential mXSS vulnerability due to improper HTML escaping

Summary: A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details: Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - " -> &quot; - & -> &amp; - Other characters -> No conversion -...

CVSS 5.4 · AI score 5.9 · EPSS 0.00344
Exploits: 1 · References: 4

Positive Technologies
added 2024/08/30 12:0 a.m., 4 views

PT-2024-31398 · Svelte · Svelte

Name of the Vulnerable Software and Affected Versions: Svelte versions prior to 4.2.19 Description: A potential mXSS vulnerability exists in Svelte due to improper HTML escaping on server-side rendering. The issue arises when the final DOM tree rendered on browsers differs from what Svelte expect...

CVSS 6.1 · AI score 6.1 · EPSS 0.00344
Exploits: 1 · References: 11

CNNVD
added 2024/08/30 12:0 a.m., 7 views

Svelte cross-site scripting vulnerability

Svelte is a new way to build web applications from Svelte Open Source. A cross-site scripting vulnerability exists in Svelte 4.2.19 and earlier versions that stems from improper HTML escaping during server-side rendering, which could lead to a variant cross-site scripting attack, especially when...

CVSS 6.1 · AI score 5.6 · EPSS 0.00344
Exploits: 1 · References: 3

Veracode
added 2024/08/07 4:35 a.m., 11 views

Cross-Site Scripting

@builder.io/qwik is vulnerable to Cross-Site Scripting. The vulnerability is due to improper escaping of HTML on server-side rendering, which converts strings according to the rules in the render-ssr.ts...

CVSS 6.3 · AI score 6.5 · EPSS 0.00469
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/08/06 6:24 p.m., 12 views

GHSA-2RWJ-7XQ8-4GX4 Qwik has a potential mXSS vulnerability due to improper HTML escaping

Summary: A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details: Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...

CVSS 6.3 · AI score 6 · EPSS 0.00469
Exploits: 1 · References: 5

CNNVD
added 2024/08/06 12:0 a.m., 3 views

Qwik security vulnerability

Qwik is a micro web framework open-sourced by Qwik Dev. A security vulnerability exists in Qwik version 1.6.0 and earlier versions that stems from incorrectly escaping HTML during server-side rendering, resulting in a cross-site scripting vulnerability...

CVSS 6.3 · AI score 5.8 · EPSS 0.00469
Exploits: 1 · References: 4

OSV
added 2024/08/05 7:49 p.m., 6 views

GHSA-VF6R-87Q4-2VJF nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR

Summary: The navigateTo function attempts to block the javascript: protocol, but does not correctly use APIs provided by unjs/ufo. This library also contains parsing discrepancies. Details: The function first tests to see if the specified URL has a protocol. This uses the unjs/ufo package for URL...

CVSS 6.3 · AI score 5.9 · EPSS 0.00411
Exploits: 1 · References: 3