We just published an advisory for CVE-2025-32388, a moderate severity XSS vulnerability in SvelteKit. Please update to `@sveltejs/kit@2.20.6`.

The vulnerability affects applications that iterate over all search parameters inside a server `load` function. More details in the advisory 👇
Apr 14, 2025, 6:03 PM
{
  "uri": "at://did:plc:b6gbde64ngpelprsvnphc2l2/app.bsky.feed.post/3lms5jxewhc2s",
  "cid": "bafyreid5jdcsjcoahyklzamd2aozreniqewlux2akdtnxuwmx3rgcvyaaq",
  "value": {
    "text": "We just published an advisory for CVE-2025-32388, a moderate severity XSS vulnerability in SvelteKit. Please update to `@sveltejs/kit@2.20.6`.\n\nThe vulnerability affects applications that iterate over all search parameters inside a server `load` function. More details in the advisory 👇",
    "$type": "app.bsky.feed.post",
    "embed": {
      "$type": "app.bsky.embed.external",
      "external": {
        "uri": "https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp",
        "thumb": {
          "$type": "blob",
          "ref": {
            "$link": "bafkreieor3i3shaebtbgi4nsqyjvhq77hge6gn3liamtelzg2zylp52toq"
          },
          "mimeType": "image/jpeg",
          "size": 291075
        },
        "title": "XSS via tracked search_params",
        "description": "### Summary\n\nUnsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of `event.url.searchParams` inside a server `load` function. Attackers can ex..."
      }
    },
    "langs": [
      "en"
    ],
    "createdAt": "2025-04-14T18:03:50.681Z"
  }
}