CVE-2019-8400

Aliases:GHSA-7v6r-w4r6-mhchGO-2026-4861

Advisory lineage Upstream: 0 Downstream: 1

Downstream

SUSE-SU-2026:1135-1

Modified

Published: 17 Feb 2019, 06:00

Last modified:04 Aug 2024, 21:17

Vulnerability Summary

Overall Risk (default)

medium

34/100

CVSS Score

6.1 MEDIUM

v3.0 (nvd)

EPSS Score

0.32% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

2 found

Dark Web

Not detected

Timeline

17 Feb 2019, 06:00

Published

Vulnerability first disclosed

04 Aug 2024, 21:17

Last Modified

Vulnerability information updated

Description

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.

CVSS Metrics

v3.0•MEDIUM•Score: 6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.32%• Percentile: 56%

Techniques & Countermeasures

CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected Systems

github.com/ory•hydra
< 1.4.8 | all
ory•hydra
0.1:beta1 | 0.1:beta2 | 0.1:beta3 | 0.1:beta4 | 0.2.0 | 0.3.0 | 0.3.1 | 0.4.0 | 0.4.1 | 0.4.2 | 0.4.2:alpha | 0.4.2:alpha1 | 0.4.2:alpha2 | 0.4.2:alpha3 | 0.4.2:alpha4 | 0.4.3 | 0.5.0 | 0.5.1 | 0.5.2 | 0.5.3 | 0.5.4 | 0.5.5 | 0.5.6 | 0.5.7 | 0.5.8 | 0.6.0 | 0.6.1 | 0.6.2 | 0.6.3 | 0.6.4 | 0.6.5 | 0.6.6 | 0.6.7 | 0.6.8 | 0.6.9 | 0.6.10 | 0.7.0 | 0.7.1 | 0.7.2 | 0.7.3 | 0.7.4 | 0.7.5 | 0.7.6 | 0.7.7 | 0.7.8 | 0.7.9 | 0.7.10 | 0.7.11 | 0.7.12 | 0.7.13 | 0.8.0 | 0.8.1 | 0.8.2 | 0.8.3 | 0.8.4 | 0.8.5 | 0.8.6 | 0.8.7 | 0.9.0 | 0.9.1 | 0.9.2 | 0.9.3 | 0.9.4 | 0.9.5 | 0.9.6 | 0.9.7 | 0.9.8 | 0.9.9 | 0.9.10 | 0.9.11 | 0.9.12 | 0.9.13 | 0.9.14 | 0.9.15 | 0.9.16 | 0.10.0 | 0.10.0:alpha1 | 0.10.0:alpha10 | 0.10.0:alpha11 | 0.10.0:alpha12 | 0.10.0:alpha13 | 0.10.0:alpha14 | 0.10.0:alpha15 | 0.10.0:alpha16 | 0.10.0:alpha17 | 0.10.0:alpha18 | 0.10.0:alpha19 | 0.10.0:alpha2 | 0.10.0:alpha20 | 0.10.0:alpha21 | 0.10.0:alpha3 | 0.10.0:alpha4 | 0.10.0:alpha5 | 0.10.0:alpha6 | 0.10.0:alpha7 | 0.10.0:alpha8 | 0.10.0:alpha9 | 0.10.1 | 0.10.2 | 0.10.3 | 0.10.4 | 0.10.5 | 0.10.6 | 0.10.7 | 0.10.8 | 0.10.9 | 0.10.10 | 0.11.0 | 0.11.1 | 0.11.2 | 0.11.3 | 0.11.4 | 0.11.6 | 0.11.7 | 0.11.9 | 0.11.10 | 0.11.12 | 0.11.14 | 1.0.0:beta1 | 1.0.0:beta2 | 1.0.0:beta3 | 1.0.0:beta4 | 1.0.0:beta5 | 1.0.0:beta6 | 1.0.0:beta7 | 1.0.0:beta8 | 1.0.0:beta9 | 1.0.0:rc1 | 1.0.0:rc2