Sveltekit · Sveltekit · CVE-2025-32388
**Name of the Vulnerable Software and Affected Versions**
SvelteKit versions prior to 2.20.6
**Description**
The vulnerability arises because search parameter names are not sanitized, which leads to cross-site scripting (XSS). An application is affected when a server load function iterates over all entries of `event.url.searchParams`. An attacker can exploit this by crafting a malicious URL and getting a user to open it.
**Recommendations**
For versions prior to 2.20.6, update to version 2.20.6 to resolve the issue. As a temporary workaround, consider avoiding the iteration over all entries of `event.url.searchParams` inside server load functions until the update is applied.
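As an added illustration, not code from SvelteKit or from this advisory, the following contrasts the iteration pattern the description warns about with the workaround the recommendation gives: a load function that reads only an allowlist of expected parameter names, plus HTML escaping for anything reflected into markup. The `event` shape, the `KNOWN_PARAMS` list and the sample URL are assumptions constructed for the example.

```javascript
// Added example, not SvelteKit code. `event` stands in for the object a
// server `load` function receives; only `event.url` is used here.

// Pattern the advisory warns about: every search param entry, including
// attacker-controlled *names*, is copied into the data the page renders.
function loadAllParams(event) {
  const params = {};
  for (const [name, value] of event.url.searchParams) {
    params[name] = value;
  }
  return { params };
}

// Workaround from the advisory: do not iterate over all entries; read only
// the parameter names the page actually expects (assumed allowlist).
const KNOWN_PARAMS = ['q', 'page'];

function loadKnownParams(event) {
  const params = {};
  for (const name of KNOWN_PARAMS) {
    const value = event.url.searchParams.get(name);
    if (value !== null) params[name] = value;
  }
  return { params };
}

// Defence in depth: escape anything reflected into HTML, names included.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderParams(params) {
  return Object.entries(params)
    .map(([name, value]) => `<li>${escapeHtml(name)}=${escapeHtml(value)}</li>`)
    .join('');
}

// Constructed request: one expected param and one whose *name* carries markup.
const event = { url: new URL('https://example.test/search?q=svelte&%3Cb%3Ex=1') };
```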