CVE-2022-24717: 
JavaScript vulnerability analysis and mitigation

ssr-pages is an HTML page builder for server-side rendering (SSR). In versions prior to 0.1.5, a cross-site scripting (XSS) vulnerability was discovered that could occur when providing untrusted input to the redirect.link property as an argument to the build(MessagePageOptions) function. The vulnerability was disclosed on March 1, 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The issue is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The vulnerability exists in the message page building functionality where user input is not properly sanitized before being used in the redirect link property (NVD).

If exploited, this XSS vulnerability could allow attackers to execute malicious scripts in the context of the user's browser when untrusted input is provided to the redirect link property. This could lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's session (NVD).

The vulnerability has been patched in version 0.1.5 of ssr-pages. Users should upgrade to this version or later to address the security issue. There were no known workarounds available prior to the patch (NVD).