Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.
Advisories for Npm/@Serenity-Is/Corelib package
2024