Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a victim's browser in the context of the affected origin.
This issue has been patched in version 1.19.0.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
None
Права не нужны
User Interaction
Passive
Минимальное взаимодействие
Impact Assessment
Confidentiality
None
Нет утечки данных
Integrity
None
Нет модификации данных
Availability
None
Нет нарушения работы
CVSS Vector v4.0