CVE-2019-8400

MEDIUM6.1EPSS 0.32%

Hydra has Reflected XSS via error_hint parameter

Published: 5/14/2022Modified: 3/26/2026
Also known as:GHSA-7v6r-w4r6-mhchGO-2026-4861

Description

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.

Affected packages (2)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1MEDIUM6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (8)