Highkitten

**Name of the Vulnerable Software and Affected Versions** @urql/next versions prior to 1.1.1 **Description** The @urql/next package is vulnerable to XSS due to improper escaping of html-like characters in the response-stream. To exploit this, an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). **Recommendations** For versions prior to 1.1.1, upgrade to version 1.1.1 to fix the vulnerability. As a temporary workaround, consider restricting the use of streamed responses (non-RSC) or ensuring proper escaping of html-like characters in the response-stream until a patch is available.