Vulnerabilities (CVE)

Filtered by vendor Devise Token Auth Project
Total 1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2019-16751 | 1 (Devise Token Auth Project) | 1 (Devise Token Auth) | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM
An issue was discovered in Devise Token Auth through 1.1.2. The omniauth failure endpoint is vulnerable to Reflected Cross Site Scripting (XSS) through the message parameter. Unauthenticated attackers can craft a URL that executes a malicious JavaScript payload in the victim's browser. This affects the fallback_render method in the omniauth callbacks controller.