Count: 2
CVE-2020-26938
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.
GHSA-4rg6-fm25-gc34
oauth2-server through 3.1.1 vulnerable to Open Redirect
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2020-26938 In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741. | CVSS3: 7.2 | 0% Low | more than 3 years ago |
| GHSA-4rg6-fm25-gc34 oauth2-server through 3.1.1 vulnerable to Open Redirect | CVSS3: 7.2 | 0% Low | more than 3 years ago |