Lucene search
K

4 matches found

OSV
OSV
added 2026/06/23 5:36 p.m.3 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS5.9AI score0.00235EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 5:36 p.m.42 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51576

Name of the Vulnerable Software and Affected Versions immich versions 4ffa26c9 through 4eb1003 Description A reflected cross-site scripting XSS issue exists on the '/auth/login' page. The continue query parameter is processed by SvelteKit's redirect function without proper scheme or origin...

9.6CVSS6AI score0.00235EPSS
Exploits0References6
Hacker One
Hacker One
added 2020/01/10 3:26 p.m.20 views

Clario: Open redirect on https://account.mackeeper.com

Summary An attacker can redirect a user to any external website using the vulnerable parameter in https://account.mackeeper.com/auth/fb use parameter continue. Steps To Reproduce 1. Visit the following url: https://account.mackeeper.com/auth/fb?continue=https://google.com 2. Login 3. This will...

0.4AI score
Exploits0
Rows per page
Query Builder