CVE-2026-6493 | lukevella rallly up to 4.7.4 Reset Password reset-password-form.tsx redirectTo cross site scripting
A vulnerability classified as problematic was found in lukevella rallly up to 4.7.4. It affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Manipulating the argument redirectTo can lead to cross-site scripting.
This vulnerability is handled as CVE-2026-6493. The attack can be executed remotely. Additionally, an exploit exists.
Upgrading the affected component is advised.
The vendor was contacted early about this disclosure.
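The advisory does not describe the root cause or the fix. As an added example (not rallly's code and not the vendor's patch), the following shows one common way to harden a `redirectTo`-style parameter before it is used as a navigation or link target: accept only same-origin paths and fall back to a default otherwise. The helper name, the placeholder origin and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper, not taken from the rallly code base.
// Constructed base origin, used only so relative paths can be parsed.
const PLACEHOLDER_ORIGIN = "https://app.invalid";

// Returns a same-origin path (path + query + fragment) or the fallback.
function safeRedirectTarget(redirectTo, fallback = "/") {
  if (typeof redirectTo !== "string" || redirectTo.length === 0) return fallback;

  // Control characters and backslashes can be normalised by browsers into
  // something different from what was validated, so refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(redirectTo)) return fallback;

  // Only absolute paths on this site: "/x" passes; "//host", "scheme:..."
  // and bare relative values do not.
  if (!redirectTo.startsWith("/") || redirectTo.startsWith("//")) return fallback;

  let parsed;
  try {
    parsed = new URL(redirectTo, PLACEHOLDER_ORIGIN);
  } catch {
    return fallback;
  }

  // Defence in depth: after parsing, the origin must be unchanged.
  if (parsed.origin !== PLACEHOLDER_ORIGIN) return fallback;

  // Rebuild from parsed parts so dot segments are already resolved.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed sample inputs covering accepted and rejected shapes.
const SAMPLES = [
  "/polls/abc?tab=votes#top", // same-origin path: kept
  "/a/../b",                  // normalised to /b
  "https://example.org/",     // absolute URL: rejected
  "//example.org/x",          // protocol-relative: rejected
  "/\\example.org",           // backslash variant: rejected
  "javascript:void(0)",       // non-http scheme: rejected
];

function checkSamples() {
  return SAMPLES.map((value) => [value, safeRedirectTarget(value)]);
}

for (const [input, output] of checkSamples()) {
  console.log(JSON.stringify(input), "->", JSON.stringify(output));
}
```

Validation of this kind belongs wherever the value is consumed, both on the server and in the client component, and complements upgrading rather than replacing it.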