{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T07:49:12.300","vulnerabilities":[{"cve":{"id":"CVE-2026-33506","sourceIdentifier":"security-advisories@github.com","published":"2026-03-26T19:17:05.680","lastModified":"2026-04-17T19:45:30.170","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter (`callbackUrl`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user (or an unauthenticated user that later logs in), performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 26.2.0 contains a patch for the issue."},{"lang":"es","value":"Ory Polis, anteriormente conocido como BoxyHQ Jackson, actúa como puente o proxy para un flujo de inicio de sesión SAML a OAuth 2.0 o OpenID Connect. Las versiones anteriores a la 26.2.0 contienen una vulnerabilidad de cross-site scripting (XSS) basada en DOM en la funcionalidad de inicio de sesión de Ory Polis. La aplicación confía indebidamente en un parámetro de URL ('callbackUrl'), el cual se pasa a `router.push`. Un atacante puede crear un enlace malicioso que, al ser abierto por un usuario autenticado (o un usuario no autenticado que luego inicia sesión), realiza una redirección del lado del cliente y ejecuta JavaScript arbitrario en el contexto de su navegador. Esto podría conducir a robo de credenciales, pivoteo de red interno y acciones no autorizadas realizadas en nombre de la víctima. La versión 26.2.0 contiene un parche para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.3}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-87"},{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ory:polis:*:*:*:*:*:*:*:*","versionEndExcluding":"26.2.0","matchCriteriaId":"35374CF5-7055-4168-AE87-931558915B5C"}]}]}],"references":[{"url":"https://github.com/ory/polis/releases/tag/v26.2.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/ory/polis/security/advisories/GHSA-3wjr-6gw8-9j22","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}