2 matches found
keycloak: Stored XSS in groups dropdown
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting XSS attack...
SeedDMS Cross-Site Scripting Vulnerability (CNVD-2019-18509)
SeedDMS is a free document management system with an easy-to-use web-based user interface. A stored cross-site scripting vulnerability exists in out/out.GroupMgr.php in SeedDMS 5.1.11. An attacker can exploit this vulnerability by creating a new group with a JavaScript payload as the group name t...