GHSA-5jjq-8cvj-v6m9
- Source
- https://github.com/advisories/GHSA-5jjq-8cvj-v6m9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-5jjq-8cvj-v6m9/GHSA-5jjq-8cvj-v6m9.json
- Aliases
-
- CVE-2024-26318
- Published
- 2024-02-19T06:30:33Z
- Modified
- 2024-02-21T00:12:59.952534Z
- Details
-
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
- References
Affected packages
NuGet / Serenity.Net.Core
Package
Affected versions
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.0.11
5.0.12
5.0.13
5.0.17
5.0.18
5.0.19
5.0.20
5.0.21
5.0.22
5.0.23
5.0.24
5.0.25
5.0.26
5.0.27
5.0.28
5.0.29
5.0.30
5.0.31
5.0.32
5.0.33
5.0.34
5.0.35
5.0.36
5.0.37
5.0.38
5.0.39
5.0.40
5.0.41
5.0.42
5.0.43
5.0.44
5.0.45
5.0.46
5.0.47
5.0.48
5.0.49
5.0.50
5.0.51
5.1.0
5.1.1
5.1.2
5.1.3
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4
6.*
6.0.0
6.0.1
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.1.8
6.1.9
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.6
6.4.7
6.4.8
6.4.9
6.4.10
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6
6.7.0
6.7.1
6.7.2
6.7.5
6.7.6