EPSS: 0.001 (Low), percentile 37.4%
devise_token_auth is vulnerable to cross-site scripting (XSS). The vulnerability is in the omniauth failure endpoint and is reachable through the message parameter.
github.com/lynndylanhurley/devise_token_auth/commit/3a907dd4ca9f4497212862026dafcdfebc32fc51
github.com/lynndylanhurley/devise_token_auth/issues/1332
github.com/lynndylanhurley/devise_token_auth/pull/1342