2 matches found
CVE-2018-1000088
CVE-2018-1000088 affects Doorkeeper versions 2.1.0 through 4.2.5 with a Stored XSS vulnerability in the web view of the OAuth client form (name field) that can execute payloads when a user interacts with an injected link. The root cause is improper handling of client names in the OAuth flow, allo...
Doorkeeper gem has stored XSS on authorization consent view
Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link...