Astro development server error page vulnerable to reflected Cross-site Scripting

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the `trailingSlash` configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this vulnerability only affects the development server and not production builds, it could be exploited to compromise developer environments through social engineering or malicious links. Version 5.15.6 fixes the issue.

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Astro 跨站脚本漏洞

Astro是Astro开源的一个内容驱动网站的 web 框架。 Astro 5.2.0版本至5.15.6之前版本存在跨站脚本漏洞，该漏洞源于开发服务器错误页面存在反射型跨站脚本漏洞，可能导致执行任意JavaScript代码。

N/A

N/A