Unknown · Svg-Sanitizer · CVE-2023-22461
**Name of the Vulnerable Software and Affected Versions**
sanitize-svg versions prior to 0.4.0
**Description**
The `sanitize-svg` package uses a deny-list pattern to sanitize SVGs and prevent cross-site scripting. In versions prior to 0.4.0 that deny list only caught literal `<script>` tags and `on*` event-handler attributes, so downstream software that relies on `sanitize-svg` to make untrusted SVGs safe may be vulnerable to cross-site scripting. The filter can be bypassed by other ways of embedding JavaScript in the XML, notably an anchor (`<a>`) element whose `href` carries a scripting URL and a `<foreignObject>` element, which embeds arbitrary HTML content inside the SVG. At least one downstream project has been affected by this vulnerability.
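As an added illustration (not code from the `sanitize-svg` project), the following reconstructs a regex deny list in the spirit of the one described above and shows two constructed payloads, an anchor with a scripting `href` and a `<foreignObject>` wrapping HTML, that pass through it untouched, beside an allow-list check that rejects them. All function names, constants and payloads are hypothetical. The allow-list scanner is a simplified start-tag tokenizer for demonstration only; production code should apply the same element and attribute allow list over a real DOM (for example DOMPurify with its SVG profile).

```javascript
// Added example, not sanitize-svg's own code. Names and payloads are hypothetical.

// --- A deny-list filter in the spirit described above: it strips only what it
// was told to look for, literal <script> blocks and on* handler attributes.
const SCRIPT_BLOCK = /<\s*script\b[^>]*>[\s\S]*?<\s*\/\s*script\s*>/gi;
const ON_HANDLER = /\s+on[a-z]+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi;

function denyListSanitize(svg) {
  return svg.replace(SCRIPT_BLOCK, '').replace(ON_HANDLER, '');
}

// --- An allow-list check: every element and every URL-bearing attribute must
// be explicitly permitted; anything unknown is reported as a finding.
const ALLOWED_ELEMENTS = new Set([
  'svg', 'g', 'defs', 'use', 'title', 'desc', 'a', 'path', 'rect', 'circle',
  'ellipse', 'line', 'polyline', 'polygon', 'text', 'tspan', 'stop',
  'lineargradient', 'radialgradient', 'clippath', 'mask',
]);
const URL_ATTRS = new Set(['href', 'xlink:href', 'src']);
const SCRIPT_SCHEMES = /^(javascript|vbscript|data):/;

// Decode numeric character references so "&#106;avascript:" is seen as "javascript:".
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => String.fromCodePoint(parseInt(d, 10)));
}

// Simplified start-tag scanner for the demonstration. It is not an XML parser
// (a '>' inside a quoted attribute value would confuse it); use a real DOM in production.
function* startTags(svg) {
  const tagRe = /<\s*([a-zA-Z][\w:.-]*)([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(svg)) !== null) {
    const attrRe = /([^\s=\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
    const attrs = {};
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? '';
    }
    // Names are lowercased so SVG-in-HTML (case-insensitive) and XML are treated alike.
    yield { name: m[1].toLowerCase(), attrs };
  }
}

function findActiveContent(svg) {
  const findings = [];
  for (const { name, attrs } of startTags(svg)) {
    if (!ALLOWED_ELEMENTS.has(name)) findings.push(`element <${name}> not in allow-list`);
    for (const [key, value] of Object.entries(attrs)) {
      if (key.startsWith('on')) findings.push(`event handler ${key} on <${name}>`);
      if (URL_ATTRS.has(key)) {
        // Browsers ignore whitespace and control characters inside the scheme, so strip them first.
        const scheme = decodeEntities(value).replace(/[\s\u0000-\u001f]/g, '').toLowerCase();
        if (SCRIPT_SCHEMES.test(scheme)) findings.push(`${key} on <${name}> uses a scripting URL`);
      }
    }
  }
  return findings;
}

function isSafe(svg) {
  return findActiveContent(svg).length === 0;
}

// Constructed payloads for the demonstration.
const XMLNS = 'xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"';
const scriptPayload = `<svg ${XMLNS}><script>alert(1)</script><rect onclick="alert(1)" width="10" height="10"/></svg>`;
const anchorPayload = `<svg ${XMLNS}><a xlink:href="&#106;avascript:alert(1)"><text x="10" y="20">click me</text></a></svg>`;
const foreignObjectPayload = `<svg ${XMLNS}><foreignObject width="100" height="100"><body xmlns="http://www.w3.org/1999/xhtml"><iframe src="javascript:alert(1)"></iframe></body></foreignObject></svg>`;

// Count payloads the deny list returns unchanged even though the allow list flags them.
function denyListMisses() {
  return [scriptPayload, anchorPayload, foreignObjectPayload].filter(
    (p) => denyListSanitize(p) === p && !isSafe(p)
  ).length;
}
```

Running `denyListMisses()` gives 2: the `<script>`/`onclick` payload is neutralised by the deny list, while the anchor and `<foreignObject>` payloads come back byte-for-byte unchanged, which is exactly the gap the advisory describes.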
**Recommendations**
For versions prior to 0.4.0, update to version 0.4.0 or later to address the vulnerability. Until the update is applied, do not rely on `sanitize-svg` alone to make untrusted SVGs safe: serve user-supplied SVGs in a way that cannot run script in your origin (for example through an `<img>` element or as a download with `Content-Disposition: attachment`, never inlined into the page), and restrict who can upload and who can view SVG files that passed through `sanitize-svg`. Avoid using the `sanitize-svg` package in sensitive applications until the issue is resolved.