22 matches found
EUVD-2020-29843
Malware in sbrugna...
PT-2025-27496 · Gluu Flex +1 · Gluu Flex +1
Name of the Vulnerable Software and Affected Versions: Janssen Project versions prior to 1.8.0; Gluu Flex versions prior to 5.8.0. Description: The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope...
CVE-2022-36663
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
CVE-2020-9012
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
Exploit for Server-Side Request Forgery in Gluu Oxauth
CVE-2022-36663-PoC Internal network scanner through Gluu IAM b...
Exploit for Server-Side Request Forgery in Gluu Oxauth
CVE-2022-36663-PoC Internal network scanner through Gluu IAM b...
GHSA-HC94-9V26-GXWV Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
CVE-2022-36663
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
CVE-2022-36663
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
CVE-2022-36663
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
Server-side request forgery (SSRF)
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
CVE-2022-36663
Gluu OxAuth up to version 4.4.1 is affected by a blind SSRF due to a crafted request_uri parameter in /oxauth/restv1/authorize. The CVE-2022-36663 entry has a high-impact score (9.8) with network, no auth, and no user interaction required; the vulnerability can enable an attacker to induce outbou...
CVE-2022-36663
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
EUVD-2022-6838
Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter...
PT-2022-23534 · Gluu · Gluu Oxauth
Name of the Vulnerable Software and Affected Versions: Gluu Oxauth versions prior to 4.4.1. Description: The issue allows attackers to execute blind SSRF (Server-Side Request Forgery) attacks via a crafted request_uri parameter. This enables attackers to forge requests from the server, potentially...
Gluu code issue vulnerability
Gluu is a cloud-hosted identity platform from the US-based Gluu organization. A security vulnerability exists in Gluu Oxauth versions prior to v4.4.1, which can be exploited by an attacker to perform a server-side request forgery (SSRF) attack via a crafted request_uri parameter...
CVE-2020-9012
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
CVE-2020-9012
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...