A vulnerability classified as problematic has been found in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in . This manipulation of the argument Next causes cross site scripting. The identification of this vulnerability is CVE-2026-9520 . It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about th