2 matches found
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...
Astro: XSS via Unescaped Attribute Names in Spread Props
Summary The spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props on an HTML element and the object...