Lucene search
K

74 matches found

CNNVD
CNNVD
added 2025/11/11 12:0 a.m.5 views

WordPress plugin WP-OAuth 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

6.1CVSS6AI score0.00316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/11/07 12:3 p.m.4 views

keycloak: Keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS5.8AI score0.00291EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/17 5:39 p.m.6 views

EUVD-2025-27029

Keycloak errordescription injection on error pages that can trigger phishing attacks...

4.3CVSS3.8AI score0.00291EPSS
Exploits0References7
OSV
OSV
added 2025/10/17 5:39 p.m.2 views

GHSA-27GC-WJ6X-9W55 Keycloak error_description injection on error pages that can trigger phishing attacks

Keycloak’s account console accepts arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages e.g., fake support phone numbers or...

4.3CVSS5.9AI score0.00291EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/10/17 5:39 p.m.7 views

Keycloak error_description injection on error pages that can trigger phishing attacks

Keycloak’s account console accepts arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading messages e.g., fake support phone numbers or...

4.3CVSS6.9AI score0.00291EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/09/24 12:0 a.m.6 views

Keycloak < 26.2.9 Multiple Vulnerabilities (GHSA-wc64-wmfm-46vw)(GHSA-xmcw-mv9p-7pq2)

The version of Keycloak installed on the remote host is prior to 26.2.9. It is, therefore, affected by multiple vulnerabilities as reference in the advisory GHSA-wc64-wmfm-46vw and GHSA-xmcw-mv9p-7pq2. - A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The...

4.3CVSS5.1AI score0.00727EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/09/22 3:36 p.m.5 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Security Update

New Red Hat build of Keycloak 26.2.9 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.9 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...

4.9CVSS5.8AI score0.00727EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 9:32 p.m.2 views

GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...

4.3CVSS5.8AI score0.00291EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/09/05 9:32 p.m.6 views

Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...

4.3CVSS6.7AI score0.00291EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2025/09/05 8:15 p.m.4 views

CVE-2025-10044

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS5.8AI score0.00291EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/09/05 7:59 p.m.4 views

CVE-2025-10044 Keycloak: keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS6.1AI score0.00291EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/09/05 7:59 p.m.8 views

CVE-2025-10044 Keycloak: keycloak error_description injection on error pages

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS0.00291EPSS
Exploits0References7
CVE
CVE
added 2025/09/05 7:59 p.m.26 views

CVE-2025-10044

CVE-2025-10044 affects Keycloak: error_description injection on error pages allows arbitrary text to be rendered in the UI, enabling phishing-like messages (e.g., fake support numbers/URLs) without XSS. The issue is mitigated by HTML encoding but still enables deceptive content within the trusted...

4.3CVSS6.1AI score0.00291EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/09/05 6:23 p.m.3 views

CVE-2025-10044

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

4.3CVSS6.2AI score0.00291EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/05 12:0 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...

5.1CVSS3.6AI score0.00291EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/05 12:0 a.m.3 views

Red Hat build of Keycloak 跨站脚本漏洞

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A cross-site scripting vulnerability exists in Red Hat Build of Keycloak that stems from incorrect handling of the errordescription parameter, which could lead to a phishing attack...

4.3CVSS3.6AI score0.00291EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-42329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for...

3.3CVSS5.4AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2024/08/26 8:15 p.m.2 views

CVE-2024-44794

A cross-site scripting XSS vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...

6.1CVSS5.9AI score0.00279EPSS
Exploits1References3
OSV
OSV
added 2024/08/26 8:15 p.m.5 views

CVE-2024-44796

A cross-site scripting XSS vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...

6.1CVSS5.9AI score0.00376EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.4 views

PicUploader 安全漏洞

PicUploader is a graphic bed tool written in php by Bruce's personal developer. It helps you to quickly upload your images to a cloud image bed and automatically returns a Markdown formatted link to the clipboard. PicUploader has a security vulnerability that stems from the...

6.1CVSS6.3AI score0.00279EPSS
Exploits1References4
Rows per page
Query Builder