Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-h2p9-cr4h-px24 | Blitz has a Cross-site Scripting issue |
Wed, 27 May 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 27 May 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Blitzjs
Blitzjs blitz |
|
| Vendors & Products |
Blitzjs
Blitzjs blitz |
Tue, 26 May 2026 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | blitz-js blitz Sign-in LoginForm.tsx cross site scripting | |
| First Time appeared |
Blitz-js
Blitz-js blitz |
|
| Weaknesses | CWE-79 CWE-94 |
|
| CPEs | cpe:2.3:a:blitz-js:blitz:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Blitz-js
Blitz-js blitz |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-05-27T19:59:37.342Z
Reserved: 2026-05-25T19:12:43.499Z
Link: CVE-2026-9520
Updated: 2026-05-27T19:59:33.438Z
Status : Deferred
Published: 2026-05-26T02:16:40.823
Modified: 2026-06-17T11:05:25.710
Link: CVE-2026-9520
No data.
OpenCVE Enrichment
Updated: 2026-05-27T09:30:26Z
Github GHSA