Abacus · Abacus OAuth Login · CVE-2019-19381
**Name of the Vulnerable Software and Affected Versions**
Abacus OAuth Login, versions from 2019 01 r4 20191021 0000 up to, but not including, R4 (20.11.2019 Hotfix)
**Description**
The issue allows reflected cross-site scripting (XSS) via an error message in the "oauth/oauth2/v1/saml/" endpoint.
**Recommendations**
For versions from 2019 01 r4 20191021 0000 up to, but not including, R4 (20.11.2019 Hotfix), update to a version after R4 (20.11.2019 Hotfix) to resolve the issue.
As a temporary workaround, consider restricting access to the "oauth/oauth2/v1/saml/" endpoint until a patch is available.
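
While the endpoint is still reachable, access logs can be reviewed for requests to it that carry HTML markup. The following is an added example, not vendor code: it assumes a combined-format access log, and because the advisory does not say which input the error message reflects, it checks the whole request target. The parameter name and log lines are constructed.

```python
import re
from urllib.parse import unquote_plus

ENDPOINT = "oauth/oauth2/v1/saml/"  # path as given in the advisory

# Assumed log format: Apache/nginx "combined" access log.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Characters needed to break out into HTML when an error message echoes input.
MARKUP_RE = re.compile(r"[<>\"']")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (ip, status, decoded_target) for flagged requests to ENDPOINT."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        decoded = fully_decode(m.group("target"))
        path = decoded.split("?", 1)[0].lower()
        if ENDPOINT in path and MARKUP_RE.search(decoded):
            hits.append((m.group("ip"), int(m.group("status")), decoded))
    return hits


# Constructed sample lines; parameter name "x" and all values are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Nov/2019:10:01:02 +0100] "GET /oauth/oauth2/v1/saml/?x=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 400 512 "-" "-"',
    '192.0.2.10 - - [21/Nov/2019:10:01:05 +0100] "GET /oauth/oauth2/v1/saml/?x=abc123 HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [21/Nov/2019:10:02:11 +0100] "GET /oauth/oauth2/v1/saml/?x=%253Cimg%2520src%253Dx%253E HTTP/1.1" 400 512 "-" "-"',
    '203.0.113.4 - - [21/Nov/2019:10:03:40 +0100] "GET /help/?q=%3Cb%3E HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, status, target in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

A hit shows that markup was sent to the endpoint, not that it was reflected; confirm against the installed version and the response body.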