Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
History

Thu, 13 Feb 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Serenity
Serenity serenity
Weaknesses CWE-79
CPEs cpe:2.3:a:serenity:serenity:*:*:*:*:*:*:*:*
Vendors & Products Serenity
Serenity serenity
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-02T00:07:19.399Z

Reserved: 2024-02-19T00:00:00

Link: CVE-2024-26318

cve-icon Vulnrichment

Updated: 2024-05-23T19:01:12.114Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-19T04:15:07.400

Modified: 2025-02-13T17:13:39.187

Link: CVE-2024-26318

cve-icon Redhat

No data.