1114 matches found
Security Bulletin: IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336)
Summary: IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server, which is bundled in IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336)
Summary: IBM WebSphere Application Server, which is bundled in IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336). Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affect...
Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console (CVE-2022-34336)
Summary: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed. Vulnerability Details: CVEID: CVE-2022-34336 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)
Duplicate Advisory: This advisory is a duplicate of GHSA-w9mf-83w3-fv49. This link is maintained to preserve external references. Original Description: A stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacke...
GHSA-W8V7-C7PM-7WFR Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)
Duplicate Advisory: This advisory is a duplicate of GHSA-w9mf-83w3-fv49. This link is maintained to preserve external references. Original Description: A stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacke...
CVE-2022-2256
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...
Cross site scripting
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...
CVE-2022-2256
CVE-2022-2256 is a stored XSS vulnerability in Keycloak as shipped with Red Hat Single Sign-On (RH SSO) 7.x. The issue stems from improper validation of user-supplied input in the admin console, enabling a privileged attacker to inject and execute scripts via the admin UI by abusing the default r...
PT-2022-15528 · Red Hat · Keycloak +1
Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On 7; Keycloak versions prior to 18.0.1. Description: A Stored Cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious...
Security Bulletin: IBM Operations Analytics Predictive Insights is vulnerable to remote code execution due to Dojo (CVE-2021-23450)
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. There is a vulnerability in the Dojo library used by IBM WebSphere Application Server traditional in the Admin Console and used by the IBM WebSphere Application Server Liberty...
Keycloak XSS via use of malicious payload as group name when creating new group from admin console
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack...
GHSA-FQC7-5XXC-PH7R Keycloak XSS via use of malicious payload as group name when creating new group from admin console
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack...
CVE-2022-0225
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack...
Cross site scripting
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack...
PT-2022-13045 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 16.0.1. Description: A flaw was found in Keycloak, allowing a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console. This leads to a stored Cross-site...
Zimbra Detection Consolidation
Consolidation of Zimbra detections. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only include("plugin_feed_info.inc"); if(description)...