
1124 matches found

RedHat Linux
added 2022/11/03 3:14 p.m. · 3 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.02731
Exploits: 1 · References: 5
RedHat Linux
added 2022/11/03 2:55 p.m. · 5 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.02731
Exploits: 1 · References: 5
RedHat Linux
added 2022/11/03 2:54 p.m. · 4 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.02731
Exploits: 1 · References: 5
RedHat Linux
added 2022/11/03 2:54 p.m. · 6 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in Keycloak. The vulnerability allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVSS 7.2 · AI score 5.8 · EPSS 0.00834
Exploits: 0 · References: 5
RedHat Linux
added 2022/11/03 2:54 p.m. · 15 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.02731
Exploits: 1 · References: 5
IBM Security Bulletins
added 2022/11/01 9:15 p.m. · 26 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-40750)

Summary: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-40750). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...

CVSS 5.4 · AI score 5.4 · EPSS 0.00371
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2022/10/20 4:39 p.m. · 36 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to Cross-site Scripting (CVE-2022-22477)

Summary: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed. Vulnerability Details: CVEID: CVE-2022-22477. DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed...

CVSS 6.1 · AI score 5.9 · EPSS 0.00495
Exploits: 0 · Affected Software: 1
NVD
added 2022/10/18 9:15 p.m. · 10 views

CVE-2022-39412

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...

CVSS 7.5 · EPSS 0.01704
Exploits: 0 · References: 1
OSV
added 2022/10/18 9:15 p.m. · 4 views

CVE-2022-39412

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...

CVSS 7.5 · AI score 5.8 · EPSS 0.01704
Exploits: 0 · References: 1
Prion
added 2022/10/18 9:15 p.m. · 13 views

Design/Logic Flaw

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...

CVSS 5 · AI score 7.1 · EPSS 0.01704
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2022/10/18 12:00 a.m. · 17 views

CVE-2022-39412

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...

CVSS 7.5 · AI score 7.6 · EPSS 0.01704
Exploits: 0 · References: 1
Vulnrichment
added 2022/10/18 12:00 a.m. · 9 views

CVE-2022-39412

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager...

CVSS 7.5 · AI score 6.6 · EPSS 0.01704
Exploits: 0 · References: 1
CVE
added 2022/10/18 12:00 a.m. · 83 views

CVE-2022-39412

The CVE-2022-39412 entry affects Oracle Fusion Middleware’s Oracle Access Manager (Admin Console) with the affected version 12.2.1.4.0. The vulnerability allows an unauthenticated, network-accessible attacker over HTTP to compromise Oracle Access Manager, potentially exposing or gaining complete...

CVSS 7.5 · AI score 7.2 · EPSS 0.01704
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/10/18 12:00 a.m. · 5 views

PT-2022-24965 · Oracle · Oracle Access Manager

Name of the Vulnerable Software and Affected Versions: Oracle Access Manager version 12.2.1.4.0. Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, resulting in unauthorized access to critical data or complete access to all...

CVSS 7.5 · AI score 8.9 · EPSS 0.01704
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/04 4:02 p.m. · 6 views

keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console

A flaw was found in Keycloak. The vulnerability allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...

CVSS 7.2 · AI score 5.8 · EPSS 0.00834
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/04 4:02 p.m. · 8 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.02731
Exploits: 1 · References: 5
RedHat Linux
added 2022/10/04 4:02 p.m. · 6 views

keycloak: improper input validation permits script injection

A stored cross-site scripting (XSS) vulnerability was found in Keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...

CVSS 3.8 · AI score 5.8 · EPSS 0.00572
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/04 3:53 p.m. · 5 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.02731
Exploits: 1 · References: 5
RedHat Linux
added 2022/10/04 3:53 p.m. · 6 views

keycloak: improper input validation permits script injection

A stored cross-site scripting (XSS) vulnerability was found in Keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...

CVSS 3.8 · AI score 5.8 · EPSS 0.00572
Exploits: 0 · References: 5
RedHat Linux
added 2022/10/04 3:35 p.m. · 5 views

keycloak: Stored XSS in groups dropdown

A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.02731
Exploits: 1 · References: 5