Publish GHSA-9x4v-xfq5-m8x5

advisory-database[bot] · advisory-database[bot] · commit 4d1d1211fbca · 2025-02-05T21:50:51.000Z
diff --git a/advisories/github-reviewed/2025/02/GHSA-9x4v-xfq5-m8x5/GHSA-9x4v-xfq5-m8x5.json b/advisories/github-reviewed/2025/02/GHSA-9x4v-xfq5-m8x5/GHSA-9x4v-xfq5-m8x5.json
@@ -0,0 +1,63 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9x4v-xfq5-m8x5",
+  "modified": "2025-02-05T21:49:39Z",
+  "published": "2025-02-05T21:49:39Z",
+  "aliases": [],
+  "summary": "Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)",
+  "details": "### Summary\nThe better-auth `/api/auth/error` page was vulnerable to HTML injection, resulting in a reflected cross-site scripting (XSS) vulnerability.\n\n### Details\nThe value of `error` URL parameter was reflected as HTML on the error page: https://github.com/better-auth/better-auth/blob/05ada0b79dbcac93cc04ceb79b23ca598d07830c/packages/better-auth/src/api/routes/error.ts#L81\n\n### PoC\n\nhttps://demo.better-auth.com/api/auth/error?error=%3Cscript%3Ealert(1)%3C/script%3E\n\n![image](https://github.com/user-attachments/assets/35b1b95d-3dc9-45fd-89cd-20cd0361bb6c)\n\n### Impact\nAn attacker who exploited this vulnerability by coercing a user to visit a specially-crafted URL could execute arbitrary JavaScript in the context of the user's browser.\n\nBecause better-auth is a dependency of web applications, the impact of such a vulnerability is unknowable; it depends on the functionality of the application/site using better-auth. I have calculated the CVSS score assuming the hypothetical victim is an administrator with elevated permissions and access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "better-auth"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0.0.2"
+            },
+            {
+              "fixed": "1.1.16"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/better-auth/better-auth/security/advisories/GHSA-9x4v-xfq5-m8x5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/better-auth/better-auth/commit/7ae340e2eddad641b7e43d24d37c58a66ce9ddcf"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/better-auth/better-auth"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/better-auth/better-auth/blob/05ada0b79dbcac93cc04ceb79b23ca598d07830c/packages/better-auth/src/api/routes/error.ts#L81"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-02-05T21:49:39Z",
+    "nvd_published_at": null
+  }
+}
