2024-02-19 00:00:00
mitre
PUBLISHED
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.