4 matches found
CVE-2024-26318
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character...
CVE-2024-26318
creationtimestamp| type| source ---|---|--- 2024-02-19 05:21:16+00:00| seen| https://t.me/ctinow/187449 2024-02-19 05:26:07+00:00| seen| https://t.me/ctinow/187450 2024-02-20 05:22:20+00:00| seen| https://t.me/arpsyndicate/3550 2025-03-25 19:24:56+00:00| seen|...
CVE-2024-26318
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character...
CVE-2024-26318
Serenity CVE-2024-26318: In Serenity up to version 6.7.x, LoginPage.tsx allows return URLs not starting with a slash, which enables Cross‑Site Scripting via phishing/email links. The issue is described across multiple sources (Serenity release notes and Red Hat/Veracode advisories) as a client-si...