CVE-2025-64764

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 7.1

CVSS3: 5.4

EPSS Низкий

Описание

Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s). This issue has been patched in version 5.15.8.

Ссылки

https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91
Patch
https://github.com/withastro/astro/security/advisories/GHSA-wrwg-2hg8-v723
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:astro:astro:*:*:*:*:*:node.js:*:*

Версия до 5.15.8 (исключая)

EPSS

Процентиль: 64%

0.00469

Низкий

7.1 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80

Связанные уязвимости

GHSA-wrwg-2hg8-v723

CVSS3: 7.1

github

3 месяца назад

Astro vulnerable to reflected XSS via the server islands feature

EPSS

Процентиль: 64%

0.00469

Низкий

7.1 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80