Description
A routine npm audit reveals a moderate severity Cross-Site Scripting (XSS) vulnerability in postcss versions <8.5.10. The vulnerability exists via unescaped </style> tags in the CSS stringify output.
Impact
As a Next.js project, postcss is heavily relied upon in the dependency tree (node_modules/next/node_modules/postcss). While the exploitation surface may be limited depending on how user input is processed into CSS, it is best practice to resolve known vulnerabilities.
Suggested Fix
Run npm audit fix or upgrade the Next.js and PostCSS dependencies to their latest patched versions to ensure compliance and security.
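An added example, not part of the original issue: a Node.js check that lists every postcss copy in a lockfile, including nested ones such as node_modules/next/node_modules/postcss, that is below the 8.5.10 threshold named above. It assumes a package-lock.json in lockfileVersion 2 or 3 format (a "packages" map keyed by install path); the sample lockfile and its versions are constructed.

```javascript
// Threshold taken from the issue text: versions <8.5.10 are affected.
const PATCHED = [8, 5, 10];

function parseVersion(v) {
  // Keep only major.minor.patch; suffixes are handled in isBelow().
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  const a = parseVersion(version);
  if (!a) return true; // unparseable version: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (a[i] !== floor[i]) return a[i] < floor[i];
  }
  // Same major.minor.patch: a prerelease (e.g. 8.5.10-beta.1) sorts below the release.
  return /^\d+\.\d+\.\d+-/.test(String(version));
}

function findVulnerablePostcss(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the top-level and nested copies, but not packages like postcss-value-parser.
    if (path === "node_modules/postcss" || path.endsWith("/node_modules/postcss")) {
      if (isBelow(meta.version, PATCHED)) hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile fragment (versions are illustrative only).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/postcss": { version: "8.5.10" },
    "node_modules/next/node_modules/postcss": { version: "8.4.31" },
    "node_modules/postcss-value-parser": { version: "4.2.0" },
  },
};

// For a real project, pass in:
//   JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))
console.log(findVulnerablePostcss(sampleLock));
```

Running it again after npm audit fix shows whether the nested copy under next was actually updated or is still pinned by the parent package.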