PT-2019-15364 · Ant Design · Ant Design Pro

Nstikhomirov · Published 2019-10-23 · Updated 2019-10-29 · CVE-2019-18350

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ant Design Pro version 4.0.0

Description: Reflected cross-site scripting (XSS) in the redirect GET parameter of the user/login endpoint, which is handled by the authorization component. The parameter value is used by the script that runs after login, so attacker-controlled JavaScript can be executed in that after-login action.

Recommendations: For Ant Design Pro version 4.0.0, consider disabling the redirect parameter of the user/login endpoint until a patch is available. Restrict access to the authorization component to minimize the risk of exploitation. Avoid using the redirect GET parameter in the affected endpoint until the issue is resolved.
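Where the redirect parameter cannot simply be disabled, the defensive fix is to stop treating its value as a URL the browser may navigate to and instead accept only a same-origin path. The following is an added example written for this advisory, not code from Ant Design Pro; the function names, the DEFAULT_REDIRECT fallback and the application origin https://app.example.com are assumptions. The check rejects absolute URLs, scheme-relative URLs (//host), bare schemes such as javascript: and backslash variants, then re-parses the value against the application origin so that only the path, query and fragment are ever handed to the navigation call.

```javascript
// Added example (not Ant Design Pro's own code): validate a post-login
// redirect target before navigating to it, so the parameter can only
// name a same-origin path and never a scheme or a foreign host.
const DEFAULT_REDIRECT = '/'; // assumed fallback when the value is unsafe

function safeRedirectTarget(raw, origin = 'https://app.example.com') {
  // origin is an assumed application origin for this example
  if (typeof raw !== 'string' || raw.length === 0) return DEFAULT_REDIRECT;

  // Require exactly one leading slash. This excludes absolute URLs
  // (https://...), scheme-relative URLs (//host), bare schemes
  // (javascript:...) and the backslash form (/\host) that some parsers
  // treat as a second slash.
  if (!raw.startsWith('/') || raw.startsWith('//') || raw.startsWith('/\\')) {
    return DEFAULT_REDIRECT;
  }

  // Resolve against the application origin and confirm the result is
  // still on that origin; URL parsing normalises what a hand-written
  // check might miss.
  let parsed;
  try {
    parsed = new URL(raw, origin);
  } catch {
    return DEFAULT_REDIRECT;
  }
  if (parsed.origin !== origin) return DEFAULT_REDIRECT;

  // Return only path + query + fragment, never a full URL, so a caller
  // doing window.location.assign(target) stays on the same origin.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Read the raw redirect parameter from a query string such as
// "?redirect=%2Faccount" (a constructed example input).
function redirectParamFromQuery(search) {
  return new URLSearchParams(search).get('redirect');
}

// Usage in an after-login handler (window is only present in a browser):
// const target = safeRedirectTarget(redirectParamFromQuery(window.location.search));
// window.location.assign(target);
```

Because the function returns a path and not the original string, even a value that passes the checks can only move the user within the application; the after-login script never receives a URL with a scheme or host it did not construct itself.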

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2019-18350

Affected products

Ant Design Pro