1124 matches found
keycloak: Stored XSS in groups dropdown
A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...
keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
A flaw was found in Keycloak. The vulnerability allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-40750)
Summary: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-40750). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477)
Summary: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed. Vulnerability Details: CVEID: CVE-2022-22477. DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed...
CVE-2022-39412
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...
Design/Logic Flaw
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...
CVE-2022-39412
The CVE-2022-39412 entry affects Oracle Fusion Middleware’s Oracle Access Manager (Admin Console) with the affected version 12.2.1.4.0. The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise Oracle Access Manager, potentially exposing or gaining complete...
PT-2022-24965 · Oracle · Oracle Access Manager
Name of the Vulnerable Software and Affected Versions: Oracle Access Manager version 12.2.1.4.0. Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, resulting in unauthorized access to critical data or complete access to all...
keycloak: improper input validation permits script injection
A stored cross-site scripting (XSS) vulnerability was found in Keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...