Описание
Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
Summary
The better-auth /api/auth/error page was vulnerable to HTML injection, resulting in a reflected cross-site scripting (XSS) vulnerability.
Details
The value of error URL parameter was reflected as HTML on the error page: https://github.com/better-auth/better-auth/blob/05ada0b79dbcac93cc04ceb79b23ca598d07830c/packages/better-auth/src/api/routes/error.ts#L81
Impact
An attacker who exploited this vulnerability by coercing a user to visit a specially-crafted URL could execute arbitrary JavaScript in the context of the user's browser.
Ссылки
- https://github.com/better-auth/better-auth/security/advisories/GHSA-9x4v-xfq5-m8x5
- https://github.com/better-auth/better-auth/commit/7ae340e2eddad641b7e43d24d37c58a66ce9ddcf
- https://github.com/better-auth/better-auth/blob/05ada0b79dbcac93cc04ceb79b23ca598d07830c/packages/better-auth/src/api/routes/error.ts#L81
Пакеты
Наименование
better-auth
npm
Затронутые версииВерсия исправления
>= 0.0.2, < 1.1.16
1.1.16
5.1 Medium
CVSS4
Дефекты
CWE-79
5.1 Medium
CVSS4
Дефекты
CWE-79