Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-V38P-MQQ3-M6V5
HistoryMay 13, 2022 - 1:38 a.m.

Keycloak Reflected XSS

2022-05-1301:38:14
CWE-79
GitHub Advisory Database
github.com
12

0.002 Low

EPSS

Percentile

54.3%

JSON

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.

CPENameOperatorVersion
org.keycloak:keycloak-parentlt3.4.0

Related

prion 1
redhatcve 1
veracode 1
osv 1
cve 1
cvelist 1
nessus 2
redhat 3
prion
prion
Design/Logic Flaw
2017-10-26 17:29:00
redhatcve
redhatcve
CVE-2017-12158
2017-10-17 19:49:22
veracode
veracode
Reflected Cross-site Scripting (XSS)
2017-10-27 01:24:27
osv
osv
Keycloak Reflected XSS
2022-05-13 01:38:14
cve
cve
CVE-2017-12158
2017-10-26 17:29:00
cvelist
cvelist
CVE-2017-12158
2017-10-17 00:00:00
nessus
nessus
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35

0.002 Low

EPSS

Percentile

54.3%

JSON
Related for GHSA-V38P-MQQ3-M6V5
prion1redhatcve1veracode1osv1cve1cvelist1nessus2redhat3