CVE-2025-32388

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf", "name": "https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf", "tags": [], "refsource": ""}, {"url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6", "name": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6", "tags": [], "refsource": ""}, {"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp", "name": "https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-32388", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2025-04-15T23:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-15T23:15Z"}