CNNVD-202602-215 Information

CNNVD ID

CNNVD-202602-215

Related CVE

CVE-2026-25148

• CNNVD Published: 2026-02-03

Description (Chinese)

Qwik是Qwik Dev开源的一款微型Web框架。 Qwik 1.19.0之前版本存在跨站脚本漏洞，该漏洞源于服务器端渲染虚拟属性序列化存在跨站脚本漏洞，可能导致远程攻击者注入任意Web脚本。

Description (English)

Qwik is a microWeb framework from Qwik Dev Open Source. The pre-Qwik 1.19.0 version had a cross-site script loophole, which stemmed from the serialization of virtual properties by the server, which could result in a remote attacker injecting any of the Web scripts.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Qwik Dev

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/QwikDev/qwik/commit/fe2d9232c0bcec99411d51a00dae29295871d094 https://github.com/QwikDev/qwik/security/advisories/GHSA-m6jq-g7gq-5w3c

Patch

https://github.com/QwikDev/qwik/releases