github.com/ory/hydra is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not escape the error_hint
parameter in the default error handler, allowing the attacker to inject arbitrary script through it.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/ory/hydra | eq | HEAD | |
github.com/ory/hydra | le | 1.0.0-rc.2-oryOS.9 |