15 matches found
Improper Verification of Source of a Communication Channel
Overview: tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of cross-origin messages in the window message...
Origin Validation Error
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Origin Validation Error through the postMessage process. An attacker can execute unauthorized actions and trigger backend API calls under the victim's authenticated session by sending crafted cross-origin...
EUVD-2024-1243
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements
Release of OpenShift Serverless Logic 1.33.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
GHSA-M6Q9-P373-G5Q8 Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A potential security flaw in the "checkLoginIframe" which allows unvalidated cross-origin messages, enabling potential DDoS attacks. By exploiting this vulnerability, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's...
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A potential security flaw in the "checkLoginIframe" which allows unvalidated cross-origin messages, enabling potential DDoS attacks. By exploiting this vulnerability, attackers could coordinate to send millions of requests in seconds using simple code, significantly impacting the application's...
CVE-2024-1249 Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
CVE-2024-1249 Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
CVE-2024-1249
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
PT-2024-17623 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw was found in Keycloak's OIDC component in the checkLoginIframe, which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of request...
keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
PT-2024-12249 · Ibm +1 · Ibm Cognos Analytics +1
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 12.0.0. Description: The issue is related to information leakage due to unverified sources in messages sent between Windows objects of different origins. Recommendations: For IBM Cognos Analytics...