Skip to content

Cross-site Scripting in Serenity

Moderate severity GitHub Reviewed Published Feb 19, 2024 to the GitHub Advisory Database • Updated Feb 20, 2024

Package

npm @serenity-is/corelib (npm)

Affected versions

< 6.8.0

Patched versions

6.8.0
nuget Serenity.Net.Core (NuGet)
< 6.8.0
6.8.0

Description

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

References

Published by the National Vulnerability Database Feb 19, 2024
Published to the GitHub Advisory Database Feb 19, 2024
Reviewed Feb 20, 2024
Last updated Feb 20, 2024

Severity

Moderate

EPSS score

0.043%
(11th percentile)

Weaknesses

CVE ID

CVE-2024-26318

GHSA ID

GHSA-5jjq-8cvj-v6m9

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.