Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter (`callbackUrl`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user (or an unauthenticated user that later logs in), performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 26.2.0 contains a patch for the issue.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:LOry Polis
APPOry< 26.2.0
Powiązane podatności
Ory Oathkeeper: pominięcie autoryzacji przez path traversal w URL
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2...
Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, ...
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP reques...
Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, th...