CVE-2024-26318 Information

Description

Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.

Reference

https://serenity.is/docs/release-notes/6.8.0