Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This vulnerability is fixed in 6.3.3.
Metrics
Affected Vendors & Products
References
History
Tue, 23 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 22 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Withastro
Withastro astro |
|
| Vendors & Products |
Withastro
Withastro astro |
Mon, 22 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Astro is a web framework. Prior to 6.3.3, when a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This vulnerability is fixed in 6.3.3. | |
| Title | Astro: Reflected XSS via unescaped slot name | |
| Weaknesses | CWE-80 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-22T17:31:56.313Z
Updated: 2026-06-23T14:11:04.510Z
Reserved: 2026-06-03T18:49:32.276Z
Link: CVE-2026-50146
Updated: 2026-06-23T14:10:51.229Z
No data.
No data.