URL Redirection to Untrusted Site (‘Open Redirect’) in next-auth

### Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider (by extension, it means Twitter, which is the only built-in provider using OAuth 1), but * ...

Continue Reading
Stored XSS in application name.

# Description Hi there, there is a stored XSS in Oauth application name. # Proof of Concept 1. Install a local instance of Autolab. 2. Go to `/oauth/applications` and create a new application with na ...

Continue Reading
Users Account Pre-Takeover or Users Account Takeover.

Team, May you all be well on your side of the screen. :) While Doing some research on the https://microweber.org, I was able to find a Pre-Account Takeover vulnerability. Kindly check the proof of con ...

Continue Reading
CVE-2022-31027

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading
URL Redirection to Untrusted Site (‘Open Redirect’) in next-auth

### Impact We found that this vulnerability is present when the developer is implementing an OAuth 1 provider (by extension, it means Twitter, which is the only built-in provider using OAuth 1), but * ...

Continue Reading
CVE-2022-29214

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...

Continue Reading
Leakage of third-party OAuth token via redirect

# Description The application allows the usage of third-parties to store the files, such as Google Drive, Github, Gitlab, etc. It's possible to bypass the protection of the `redirect` parameter and re ...

Continue Reading
Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks. Those files, stored via “auto-save” and back ...

Continue Reading

Back to Main

Subscribe for the latest news: