CVE-2014-3656
CVE-2014-3656 corresponds to a JBoss KeyCloak cross-site scripting (XSS) in the login-status-iframe.html page. Public advisories describe that if a Keycloak deployment allows '*' as a permitted web origin in the admin console, crafted requests to login-status-iframe.html can inject arbitrary Java...