PT-2020-21237 · Preact · Preact

Published 2020-09-02 · Updated 2020-09-02


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

preact versions prior to 10.0.0-beta.1

Description

The issue is related to insufficient input validation, allowing attackers to inject JavaScript objects as virtual-dom nodes, which may lead to Cross-Site Scripting. This occurs when user input parsed with JSON.parse() is passed directly into JSX without sanitization.

Recommendations

Upgrade to version 10.0.0-beta.1. As a temporary workaround, consider sanitizing user input before passing it into JSX to minimize the risk of exploitation.
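One way to apply the temporary workaround, as an added example that is not part of the original advisory or of Preact's code: a type guard that lets only primitives from parsed JSON reach a JSX text position and rejects any object or array. The function names (`toText`, `parseProfile`, `tryParse`), the `name`/`bio` fields and both sample bodies are hypothetical and constructed for illustration.

```javascript
// Added example: validate JSON-derived values before they are used in JSX.

// Name the JSON type of a value for error messages.
function describe(value) {
  if (value === null) return "null";
  return Array.isArray(value) ? "array" : typeof value;
}

// Return a string for a JSX text position, or throw.
// Objects and arrays are rejected whatever their shape, so an
// attacker-supplied object can never stand in for a virtual-dom node.
function toText(value, field) {
  switch (typeof value) {
    case "string":
      return value; // markup inside a string is rendered as text
    case "number":
      if (Number.isFinite(value)) return String(value);
      break;
    case "boolean":
      return String(value);
  }
  throw new TypeError(field + ": expected text, got " + describe(value));
}

// Parse an untrusted body and keep only the expected fields (hypothetical schema).
function parseProfile(raw) {
  let data;
  try {
    data = JSON.parse(raw);
  } catch (e) {
    throw new TypeError("body: invalid JSON");
  }
  if (describe(data) !== "object") throw new TypeError("body: expected object");
  return { name: toText(data.name, "name"), bio: toText(data.bio, "bio") };
}

// Wrapper that reports the outcome instead of throwing.
function tryParse(raw) {
  try {
    return { ok: true, value: parseProfile(raw) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed samples: a normal body, and one with an object where text is expected.
const benign = '{"name":"alice","bio":"<b>hi</b>"}';
const hostile = '{"name":"alice","bio":{"k":"v"}}';
console.log(tryParse(benign), tryParse(hostile));
```

Only the values returned by `parseProfile` should be placed in JSX; the raw result of `JSON.parse()` should never be passed through.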

Special Elements Injection


Weakness Enumeration

Related Identifiers

GHSA-CG48-9HH2-X6MX

Affected Products

Preact