Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses

Filter by:

With package: typstPackages.modern-innopolis-thesis

Found 1 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-33506

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): LOW

created 3 weeks, 2 days ago

DOM-Based XSS in Ory Polis Login Page

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL parameter (`callbackUrl`), which is passed to `router.push`. An attacker can craft a malicious link that, when opened by an authenticated user (or an unauthenticated user that later logs in), performs a client-side redirect and executes arbitrary JavaScript in the context of their browser. This could lead to credential theft, internal network pivoting, and unauthorized actions performed on behalf of the victim. Version 26.2.0 contains a patch for the issue.

References

https://github.com/ory/polis/security/advisories/GHSA-3wjr-6gw8-9j22 x_refsource_CONFIRM
https://github.com/ory/polis/releases/tag/v26.2.0 x_refsource_MISC

Affected products

polis

==< 26.2.0

Matching in nixpkgs

pkgs.persepolis

Download manager GUI written in Python

nixos-unstable 5.2.0
- nixpkgs-unstable 5.2.0
- nixos-unstable-small 5.2.0
nixos-25.11 5.2.0
- nixos-25.11-small 5.2.0
- nixpkgs-25.11-darwin 5.2.0

pkgs.typstPackages.metropolis-polylux

Metropolis style template for Polylux

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.haskellPackages.mighty-metropolis

The Metropolis algorithm

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 2.0.0
- nixos-25.11-small 2.0.0
- nixpkgs-25.11-darwin 2.0.0

pkgs.typstPackages.modern-innopolis-thesis

Thesis template for Innopolis University

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

pkgs.typstPackages.metropolis-polylux_0_1_0

Metropolis style template for Polylux

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.typstPackages.modern-innopolis-thesis_0_1_0

Thesis template for Innopolis University

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0

pkgs.typstPackages.modern-innopolis-thesis_0_1_1

Thesis template for Innopolis University

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1

Package maintainers

@iFreilicht Felix Uhl <nixpkgs@mail.felix-uhl.de>
@cherrypiejam Gongqi Huang
@RossSmyth Ross Smyth

1