GHSA-V959-QXV6-6F8P ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login
Summary A potential vulnerability exists in ZITADEL's logout endpoint in login V2. This endpoint accepts serval parameters including a postlogoutredirect. When this parameter is specified, users will be redirected to the site that is provided via this parameter. ZITADEL's login UI did not ensure...