Listen to this Post
The vulnerability arises because Astro versions prior to 6.1.10 used AES-GCM encryption to protect server island props and slots but did not cryptographically bind the ciphertext to its intended component or parameter type.
During a server island request, the encrypted props (p) and slots (s) are transmitted separately. Since the encryption lacks contextual binding, an attacker can replay an encrypted prop value as a slot (or vice versa).
Because slots can contain raw, unescaped HTML while props may include user-controlled data, this replay attack can lead to cross‑site scripting (XSS).
The attack requires three specific conditions to be met:
1. The application uses server islands.
- Two different server island components share the same key name for a prop and a slot.
- The attacker has full control over the value of the overlapping prop (which requires a dynamically rendered page).
The fix, introduced in [email protected], binds each encrypted parameter to its target component and purpose using AES‑GCM authenticated additional data (AAD).
Every ciphertext now includes a specific context, such as `props:IslandName` orslots:IslandName, making it impossible to replay encrypted data across different components or to exchange props with slots.
DailyCVE Form
Platform: Astro
Version: <6.1.10
Vulnerability: XSS (improper binding)
Severity: Low
Date: 2025-11-19
Prediction: 2025-11-15
What Undercode Say:
Check for vulnerable server‑island usage in a project
grep -r "server-islands" src/ && echo "Vulnerable"
Simulate an encrypted prop/slot replay
curl -X POST "http://example.com/_server-islands/Component" -d '{"p":"...","s":"..."}'
Verify fixed version
npm list astro | grep "6.1.10"
How Exploit:
An attacker crafts a POST request to /_server‑islands/[bash], swapping the `p` (encrypted props) value into the `s` (slots) parameter. If the target island component does not sanitize slot content, the replayed payload is injected as raw HTML, leading to XSS.
Protection from this CVE:
- Upgrade to Astro version 6.1.10 or later.
- If immediate upgrade is not possible, avoid using user‑controlled values in props that have overlapping names with slots.
- Sanitize all slot content before rendering, even when encryption is enabled.
Impact:
An attacker could execute arbitrary JavaScript in the victim’s browser, potentially stealing session cookies, defacing the page, or performing actions on behalf of the user. The impact is limited because the attack requires specific, unlikely conditions (e.g., dynamically rendered overlapping prop). However, once conditions are met, the XSS is fully reflected, making it a classic cross‑site scripting risk.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

