Vulnerabilities for 'Devise token auth'

2019-09-24
 
CVE-2019-16751

CWE-79
 

 
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller.

 


Copyright 2024, cxsecurity.com

 
