repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard
The RepoCard component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name (repo prop) during the loading state without any sanitization. If a developer using this package passes unvalidated user input directly into the repo prop (for example, reading it from a URL query parameter), an attacker can execute arbitrary JavaScript in the context of the user's browser.