Skip to main content

Repostat

1 CVEs product

Monthly

CVE-2026-27612 npm MEDIUM POC PATCH This Month

Reflected XSS in Repostat's RepoCard React component prior to version 1.0.1 allows attackers to execute arbitrary JavaScript in users' browsers when developers pass unsanitized input from URL parameters or other sources to the repo prop. The vulnerability stems from unsafe use of dangerouslySetInnerHTML without input validation, and public exploit code exists. Upgrading to version 1.0.1 or later eliminates the risk by removing dangerouslySetInnerHTML in favor of safe JSX data binding.

Github React XSS Repostat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Reflected XSS in Repostat's RepoCard React component prior to version 1.0.1 allows attackers to execute arbitrary JavaScript in users' browsers when developers pass unsanitized input from URL parameters or other sources to the repo prop. The vulnerability stems from unsafe use of dangerouslySetInnerHTML without input validation, and public exploit code exists. Upgrading to version 1.0.1 or later eliminates the risk by removing dangerouslySetInnerHTML in favor of safe JSX data binding.

Github React XSS +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy