{"id":"CVE-2024-21637","summary":"XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode","details":"Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. An attacker could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.","aliases":["GHSA-rjpr-7w8c-gv3j"],"modified":"2026-03-03T02:52:16.764923Z","published":"2024-01-11T05:49:44.123Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/21xxx/CVE-2024-21637.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/21xxx/CVE-2024-21637.json"},{"type":"WEB","url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6"},{"type":"WEB","url":"https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6"},{"type":"ADVISORY","url":"https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21637"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/goauthentik/authentik","events":[{"introduced":"bfa78afd548a41ba7b00adb65aff3ea41b0858e6"},{"fixed":"2a3d2cd262cf7588506cbcab32f8f5cf0351aba8"},{"introduced":"ed46fd629efd4307040c494faaec544a5cb7b3ee"},{"fixed":"1cd000dfe204b9605c85e6cebc051586a0329604"}]}],"versions":["version/2023.10.0","version/2023.10.1","version/2023.10.2","version/2023.10.3","version/2023.10.4","version/2023.10.5","version/2023.8.0","version/2023.8.1","version/2023.8.2","version/2023.8.3","version/2023.8.4","version/2023.8.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21637.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H"}]}