← voltar
CVE-2025-64764

Astro is vulnerable to Reflected XSS via the server islands feature

CVSS 7.1 HIGHEPSS 0.4%CWE-80
Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s). This issue has been patched in version 5.15.8.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Produtos afetados
withastro · astro

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723