2 matches found
CVE-2025-61928
CVE-2025-61928 affects Better Auth (TypeScript) prior to version 1.3.26. The vulnerability allows unauthenticated attackers to create or modify API keys for any user by supplying the target user’s id in the request body to api/auth/api-key/create (and similarly in the update endpoint). The issue ...
The vulnerability of the TypeScript-based authentication library Better Auth, related to the lack of protective measures for website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the TypeScript-based authentication library Better Auth relates to the lack of measures taken to protect the website structure when processing the error parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...