6 matches found
EUVD-2026-16320
Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting XSS vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter callbackUrl,...
@boxyhq/saml-jackson (>=1.3.2 <=1.11.1), @boxyhq/saml20 (>=1.0.11 <=1.2.3) +4 more potentially affected by CVE-2025-29775 via xml-crypto (>=3.0.0 <=3.2.0)
xml-crypto NPM version =3.0.0, =1.3.2, =1.0.11, =1.13.3, =1.13.5, =2.1.0, =1.0.0, =1.0.1 Source cves: CVE-2025-29775 Source advisory: OSV:GHSA-X3M8-899R-F7C3...
@boxyhq/saml-jackson (>=1.11.2 <=1.40.2), @boxyhq/saml20 (>=1.2.4 <=1.8.0) +8 more potentially affected by CVE-2025-29775 via xml-crypto (>=4.1.0 <=6.0.0)
xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =1.0.0, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2025-29775 Source advisory: OSV:GHSA-X3M8-899R-F7C3...
@boxyhq/saml-jackson (>=1.11.2 <=1.40.2), @boxyhq/saml20 (>=1.2.4 <=1.8.0) +8 more potentially affected by CVE-2025-29774 via xml-crypto (>=4.1.0 <=6.0.0)
xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =1.0.0, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...
@boxyhq/saml-jackson (>=1.3.2 <=1.11.1), @boxyhq/saml20 (>=1.0.11 <=1.2.3) +4 more potentially affected by CVE-2025-29774 via xml-crypto (>=3.0.0 <=3.2.0)
xml-crypto NPM version =3.0.0, =1.3.2, =1.0.11, =1.13.3, =1.13.5, =2.1.0, =1.0.0, =1.0.1 Source cves: CVE-2025-29774 Source advisory: OSV:GHSA-9P8X-F768-WP2G...
@boxyhq/saml-jackson (>=1.11.2 <=1.17.1), @boxyhq/saml20 (>=1.2.4 <=1.4.1) +7 more potentially affected by CVE-2024-32962 via xml-crypto (>=4.1.0 <=5.1.1)
xml-crypto NPM version =4.1.0, =1.11.2, =1.2.4, =4.0.0, =1.0.0, =0.0.1, =0.0.2 - saml-nofs =3.0.2 - verifactu-utils =1.1.0 Source cves: CVE-2024-32962 Source advisory: OSV:GHSA-2XP3-57P7-QF4V...