Количество 2
Количество 2
CVE-2019-16751
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller.
GHSA-mvqr-r76c-wm5f
Devise Token Auth vulnerable to Cross-site Scripting
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-16751 An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller. | CVSS3: 6.1 | 1% Низкий | больше 6 лет назад |
| GHSA-mvqr-r76c-wm5f Devise Token Auth vulnerable to Cross-site Scripting | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу