{"vulnerability": "cve-2020-7741", "sightings": [{"uuid": "61b7246e-6bd5-4b0c-a89f-b7eff3985dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-7741", "type": "seen", "source": "https://t.me/VulnerabilityNews/29705", "content": "In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (\"[a-zA-Z][a-zA-Z0-9+.-]+:\") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.\nPublished at: August 29, 2022 at 11:15PM\nView on website", "creation_timestamp": "2022-08-30T00:49:52.000000Z"}]}