CVE-2022-24717

Name of the Vulnerable Software and Affected Versions ssr-pages versions prior to 0.1.5

Description A cross site scripting (XSS) issue can occur when providing untrusted input to the redirect.link property as an argument to the build(MessagePageOptions) function. This issue affects the ssr-pages HTML page builder, which is used for server-side rendering (SSR).

Recommendations For versions prior to 0.1.5, update to version 0.1.5 to resolve the issue. As a temporary workaround, consider validating and sanitizing any untrusted input provided to the redirect.link property to minimize the risk of exploitation. Restrict access to the build(MessagePageOptions) function to trusted sources until the update is applied.