Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://serenity.is/docs/release-notes/6.8.0 |
![]() ![]() |
History
Thu, 13 Feb 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Serenity
Serenity serenity |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:serenity:serenity:*:*:*:*:*:*:*:* | |
Vendors & Products |
Serenity
Serenity serenity |
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-02T00:07:19.399Z
Reserved: 2024-02-19T00:00:00
Link: CVE-2024-26318

Updated: 2024-05-23T19:01:12.114Z

Status : Analyzed
Published: 2024-02-19T04:15:07.400
Modified: 2025-02-13T17:13:39.187
Link: CVE-2024-26318

No data.