3 matches found
CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect
immich is a high-performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...
PT-2026-51576
Name of the Vulnerable Software and Affected Versions: immich versions 4ffa26c9 through 4eb1003. Description: A reflected cross-site scripting (XSS) issue exists on the '/auth/login' page. The continue query parameter is processed by SvelteKit's redirect function without proper scheme or origin...
Clario: Open redirect on https://account.mackeeper.com
Summary: An attacker can redirect a user to any external website using the vulnerable parameter continue in https://account.mackeeper.com/auth/fb. Steps To Reproduce: 1. Visit the following URL: https://account.mackeeper.com/auth/fb?continue=https://google.com 2. Log in 3. This will...