31 matches found
EUVD-2018-0674
Malware in sbrugna...
EUVD-2022-2646
Malicious code in bioql PyPI...
EUVD-2022-4848
Malicious code in bioql PyPI...
EUVD-2022-2233
Malicious code in bioql PyPI...
EUVD-2022-1888
Malicious code in bioql PyPI...
GHSA-5R7W-PJX8-99QG JBoss KeyCloak Open Redirect
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL...
JBoss KeyCloak Open Redirect
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL...
GHSA-PX42-MR8M-CPGH JBoss KeyCloak Cross-site Scripting Vulnerability
If a JBoss Keycloak application was configured to use as a permitted web origin in the Keycloak administrative console, crafted requests to the login-status-iframe.html endpoint could inject arbitrary Javascript into the generated HTML code via the "origin" query parameter, leading to a cross-sit...
JBoss KeyCloak Cross-site Scripting Vulnerability
If a JBoss Keycloak application was configured to use as a permitted web origin in the Keycloak administrative console, crafted requests to the login-status-iframe.html endpoint could inject arbitrary Javascript into the generated HTML code via the "origin" query parameter, leading to a cross-sit...
GHSA-XR6Q-QQX7-553G JBoss Keycloak CSRF Vulnerability
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery CSRF attacks by leveraging lack of CSRF protection...
CVE-2014-3652
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL...
Open redirect
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL...
CVE-2014-3656
JBoss KeyCloak: XSS in login-status-iframe.html...
Design/Logic Flaw
JBoss KeyCloak: XSS in login-status-iframe.html...
CVE-2014-3655
JBoss KeyCloak is vulnerable to soft token deletion via CSRF...
Cross site request forgery (csrf)
JBoss KeyCloak is vulnerable to soft token deletion via CSRF...
CVE-2014-3655
JBoss KeyCloak is vulnerable to soft token deletion via CSRF...
CVE-2014-3655
CVE-2014-3655 affects JBoss KeyCloak; vulnerability is soft token deletion via CSRF. Notable details from connected docs indicate exposure in affected Keycloak releases and a fix later stated as Keycloak 1.0.2.Final. Practical impact is limited to CSRF-enabled token deletion without broader acces...
CVE-2018-14658
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...
CVE-2018-14658
A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack...