Name of the Vulnerable Software and Affected Versions: better-auth (affected versions not specified)

Description: The better-auth /api/auth/error page is vulnerable to HTML injection, resulting in a reflected cross-site scripting (XSS) issue. The error URL parameter's value is reflected as HTML on the error page. An attacker could exploit this by coercing a user to visit a specially-crafted URL, allowing the execution of arbitrary JavaScript in the context of the user's browser. The impact depends on the functionality of the application using better-auth.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.