Lucene search
GoogleOSV:GHSA-VV38-4XCJ-Q4RWHistoryJan 21, 2022 - 11:52 p.m.
Cross-site Scripting in Apache Knox SSO
2022-01-2123:52:00
Google
osv.dev
19
0.002 Low
EPSS
Percentile
62.3%
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.
Related
veracode
veracode
Cross-Site Scripting (XSS)
2022-01-18 04:48:16
cnvd
cnvd
Apache Knox SSO Cross-Site Scripting Vulnerability
2022-01-18 00:00:00
osv
osv
CVE-2021-42357
2022-01-17 20:15:07
prion
prion
Design/Logic Flaw
2022-01-17 20:15:00
cve
cve
CVE-2021-42357
2022-01-17 20:15:07
github
github
Cross-site Scripting in Apache Knox SSO
2022-01-21 23:52:00
cvelist
cvelist
CVE-2021-42357 DOM based XSS Vulnerability in Apache Knox
2022-01-17 19:25:09
nvd
nvd
CVE-2021-42357
2022-01-17 20:15:07