CVE-2019-16751
Devise Token Auth (through 1.1.2) is affected by a Reflected XSS in the omniauth failure endpoint, specifically via the message parameter in the fallback_render method of the omniauth callbacks controller. Unauthenticated attackers can craft a URL to execute malicious JavaScript in a victim’s bro...
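The class of bug described above and its fix, as an added example that is not the gem's source: `render_failure_unsafe`, `render_failure_safe`, `raw_reflections`, `PAGE` and the sample inputs are hypothetical stand-ins for a failure page that reflects the message parameter. The regression check confirms that no markup from the parameter survives into the rendered HTML.

```ruby
require "erb"

# Hypothetical page template for an auth-failure response (assumption,
# not devise_token_auth's actual markup).
PAGE = "<html><head></head><body>%s</body></html>"

# Before: the request parameter is interpolated into HTML verbatim, so
# any markup in `message` becomes part of the page the browser parses.
def render_failure_unsafe(message)
  format(PAGE, message)
end

# After: HTML-escape at the point of output, so the browser treats the
# value as text. nil is rendered as an empty string.
def render_failure_safe(message)
  format(PAGE, ERB::Util.html_escape(message.to_s))
end

# Constructed sample inputs: one benign message, two markup probes,
# and a missing parameter.
SAMPLES = [
  "Invalid credentials",
  "<script>alert(1)</script>",
  "\"><img src=x onerror=alert(1)>",
  nil
].freeze

# Regression check: returns the samples containing HTML metacharacters
# that the given renderer echoes back unmodified. An empty result means
# the renderer neutralised every probe.
def raw_reflections(renderer)
  SAMPLES.compact.select do |sample|
    sample.match?(/[<>"'&]/) && method(renderer).call(sample).include?(sample)
  end
end

if __FILE__ == $PROGRAM_NAME
  %i[render_failure_unsafe render_failure_safe].each do |name|
    puts "#{name}: #{raw_reflections(name).length} raw reflection(s)"
  end
end
```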