365 matches found
EUVD-2018-4271
Malware in sbrugna...
EUVD-2021-10329
Malware in sbrugna...
EUVD-2017-6872
Malware in sbrugna...
EUVD-2017-17836
Malware in sbrugna...
EUVD-2022-43746
Malicious code in bioql PyPI...
EUVD-2022-53466
Malicious code in bioql PyPI...
EUVD-2022-37427
Malicious code in bioql PyPI...
EUVD-2023-31723
Malicious code in bioql PyPI...
EUVD-2025-25269
Malicious code in bioql PyPI...
keycloak: Keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...
GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...
CVE-2025-10044 Keycloak: keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
CVE-2025-10044
CVE-2025-10044 affects Keycloak: error_description injection on error pages allows arbitrary text to be rendered in the UI, enabling phishing-like messages (e.g., fake support numbers/URLs) without XSS. The issue is mitigated by HTML encoding but still enables deceptive content within the trusted...
CVE-2025-10044 Keycloak: keycloak error_description injection on error pages
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...
PT-2025-36327
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where the account console and other pages accept arbitrary text in the error description query parameter. This text is directly rendered in error pages without...
Linux Distros Unpatched Vulnerability : CVE-2022-40468
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier us...
CVE-2025-9229
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...
CVE-2025-9229
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...