Koa Redirect Function Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability has been identified in Koa versions prior to 2.16.1 and prior to 3.0.0-alpha.5. The issue arises when untrusted user input is passed to the ctx.redirect() function, even after it has been sanitized, potentially allowing JavaScript to execute in the browser of the user of the application.

Impact

Exploitation of this vulnerability could lead to cross-site scripting, allowing malicious JavaScript to execute in the user's browser. This could be used to steal cookies or session information, or to redirect the user to a phishing site.

Remediation

Users can upgrade to Koa version 2.16.1 or 3.0.0-alpha.5 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          1.7
  exploitability  7.0
  remediation     7.7
  relevance       0.0
  threat          3.2
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.