74 matches found
WordPress plugin WP-OAuth 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...
keycloak: Keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
EUVD-2025-27029
Keycloak errordescription injection on error pages that can trigger phishing attacks...
GHSA-27GC-WJ6X-9W55 Keycloak error_description injection on error pages that can trigger phishing attacks
Keycloak’s account console accepts arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages e.g., fake support phone numbers or...
Keycloak error_description injection on error pages that can trigger phishing attacks
Keycloak’s account console accepts arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages e.g., fake support phone numbers or...
Keycloak < 26.2.9 Multiple Vulnerabilities (GHSA-wc64-wmfm-46vw)(GHSA-xmcw-mv9p-7pq2)
The version of Keycloak installed on the remote host is prior to 26.2.9. It is, therefore, affected by multiple vulnerabilities as reference in the advisory GHSA-wc64-wmfm-46vw and GHSA-xmcw-mv9p-7pq2. - A path traversal validation flaw exists in Keycloakâs vault key handling on Windows. The...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Security Update
New Red Hat build of Keycloak 26.2.9 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.9 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...
CVE-2025-10044
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
CVE-2025-10044 Keycloak: keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
CVE-2025-10044 Keycloak: keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
CVE-2025-10044
CVE-2025-10044 affects Keycloak: error_description injection on error pages allows arbitrary text to be rendered in the UI, enabling phishing-like messages (e.g., fake support numbers/URLs) without XSS. The issue is mitigated by HTML encoding but still enables deceptive content within the trusted...
CVE-2025-10044
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...
Red Hat build of Keycloak 跨站脚本漏洞
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A cross-site scripting vulnerability exists in Red Hat Build of Keycloak that stems from incorrect handling of the errordescription parameter, which could lead to a phishing attack...
Linux Distros Unpatched Vulnerability : CVE-2024-42329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for...
CVE-2024-44794
A cross-site scripting XSS vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...
CVE-2024-44796
A cross-site scripting XSS vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...
PicUploader 安全漏洞
PicUploader is a graphic bed tool written in php by Bruce's personal developer. It helps you to quickly upload your images to a cloud image bed and automatically returns a Markdown formatted link to the clipboard. PicUploader has a security vulnerability that stems from the...