An XSS vulnerability exists in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags, which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag.
[!NOTE] This does not impact applications using Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>).
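The following added example (not React Router's code or its patch) models the class of bug described above: JSON placed inline in a server-rendered `<script type="application/ld+json">` element, first without and then with HTML-safe escaping. All function names and the sample data are hypothetical and constructed for illustration.

```javascript
// Added illustration: how a value returned from meta() as
// { "script:ld+json": ... } can end up inline in server-rendered HTML.

// Constructed sample: one field comes from untrusted input (e.g. a user profile).
const untrustedName = "Ada</script><script>/* attacker-controlled */</script>";
const ldJson = { "@context": "https://schema.org", "@type": "Person", name: untrustedName };

// Weak form: JSON.stringify escapes quotes and backslashes but not "<",
// so "</script>" inside a string value still ends the script element.
function renderLdJsonUnsafe(data) {
  return `<script type="application/ld+json">${JSON.stringify(data)}</script>`;
}

// Hardened form: replace HTML-significant characters with JSON \uXXXX escapes.
// The result is still valid JSON and parses back to the same value.
const ESCAPES = {
  "<": "\\u003c", ">": "\\u003e", "&": "\\u0026",
  "\u2028": "\\u2028", "\u2029": "\\u2029",
};
function escapeJsonForHtml(json) {
  return json.replace(/[<>&\u2028\u2029]/g, (ch) => ESCAPES[ch]);
}
function renderLdJsonSafe(data) {
  return `<script type="application/ld+json">${escapeJsonForHtml(JSON.stringify(data))}</script>`;
}

// Number of closing script tags an HTML parser would encounter in the markup.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Recover the JSON body from the hardened markup to confirm it round-trips.
function parseLdJson(html) {
  const body = html.slice(html.indexOf(">") + 1, html.lastIndexOf("</script>"));
  return JSON.parse(body);
}

console.log("unsafe closes:", countScriptCloses(renderLdJsonUnsafe(ldJson)));
console.log("safe closes:  ", countScriptCloses(renderLdJsonSafe(ldJson)));
```

More than one closing tag in the weak output means the browser leaves the JSON block early and parses the remainder as markup; the hardened output contains exactly one.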
2.17.17.9.0
CVSS 3.1 base score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)