CVE-2024-53274

Name of the Vulnerable Software and Affected Versions Habitica versions prior to 5.28.5

Description Habitica is an open-source habit-building program. The issue arises from a reflected cross-site scripting vulnerability in the register function in home.vue, caused by an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter to trigger the vulnerability, allowing arbitrary JavaScript code to be executed in the context of the victim's session.

Recommendations For versions prior to 5.28.5, update to version 5.28.5 to resolve the issue. As a temporary workaround, consider restricting access to the register function in home.vue to minimize the risk of exploitation. Avoid using the redirectTo parameter in the affected function until the issue is resolved.