CVE-2025-64764 PoC — Astro is vulnerable to Reflected XSS via the server islands feature

Associated Vulnerability
Title: Astro is vulnerable to Reflected XSS via the server islands feature (CVE-2025-64764)
Description: Astro is a web framework. Prior to version 5.15.8, a reflected XSS vulnerability is present when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s). This issue has been patched in version 5.15.8.
Description
Astro 5.15.8 contains a reflected XSS caused by improper handling of the server islands feature, letting remote attackers execute scripts. Exploitation requires that the application use server islands.
File Snapshot

id: CVE-2025-64764
info:
  name: Astro - Reflected XSS via server islands feature
  author: Dhiyane ...