Vulnerabilities > Serenity > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-19 CVE-2024-26318 Cross-site Scripting vulnerability in Serenity
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
network
low complexity
serenity CWE-79
6.1
6.1
2023-04-27 CVE-2023-31285 Cross-site Scripting vulnerability in Serenity Serene and Startsharp
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0.
network
low complexity
serenity CWE-79
6.1
6.1
2023-04-27 CVE-2023-31286 Information Exposure Through an Error Message vulnerability in Serenity Serene and Startsharp
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0.
network
low complexity
serenity CWE-209
5.3
5.3