Lucene search
RedhatCVELIST:CVE-2017-12158HistoryOct 17, 2017 - 12:00 a.m.
CVE-2017-12158
2017-10-1700:00:00
CWE-444
redhat
raw.githubusercontent.com
2
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.
Related
prion
prion
Design/Logic Flaw
2017-10-26 17:29:00
redhatcve
redhatcve
CVE-2017-12158
2017-10-17 19:49:22
osv
osv
Keycloak Reflected XSS
2022-05-13 01:38:14
cve
cve
CVE-2017-12158
2017-10-26 17:29:00
veracode
veracode
Reflected Cross-site Scripting (XSS)
2017-10-27 01:24:27
github
github
Keycloak Reflected XSS
2022-05-13 01:38:14
nessus
nessus
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36