EPSS
Percentile
26.7%
@builder.io/qwik is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to improper sanitization of user inputs in render-ssr.ts, which allows an attacker to inject and execute arbitrary JavaScript.
render-ssr.ts
github.com/advisories/GHSA-hm7f-rq7q-j9xp
github.com/builderio/qwik/commit/4b2f89dbbd2bc0a2c92eae1a49bdd186e589151a
github.com/BuilderIO/qwik/pull/2475
huntr.dev/bounties/2da583f0-7f66-4ba7-9bed-8e7229aa578e