Yuito-It

**Name of the Vulnerable Software and Affected Versions** React Router versions 7.5.1 through 7.13.1 **Description** When using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` header value can permit Cross-Site Scripting (XSS)—a vulnerability where malicious scripts are injected into trusted websites—in the statically generated HTML files if the redirect location originates from an untrusted source. This issue does not affect applications utilizing Declarative Mode (`<BrowserRouter>`) or Data Mode (`createBrowserRouter/<RouterProvider>`). **Recommendations** Update to version 7.13.2.