PT-2026-43177 · Blitz.Js · Blitz.Js

Trebledj

·

Published

2026-05-26

·

Updated

2026-05-26

·

CVE-2026-9520

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions blitz-js blitz versions prior to 3.0.3
Description A cross-site scripting issue exists in the Sign-in component within the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx. A remote attacker can initiate an attack by manipulating the Next argument. Cross-site scripting is a technique where malicious scripts are injected into trusted websites.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-9520
GHSA-H2P9-CR4H-PX24

Affected Products

Blitz.Js