VYPR

Polis

by Ory

Source repositories

CVEs (1)

  • CVE-2026-33506HigMar 26, 2026
    risk 0.50cvss 8.8epss 0.00

    Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL…