Keycloak error_description injection on error pages that can trigger phishing attacks
Keycloak’s account console accepts arbitrary text in the error_description query parameter and renders it directly in error pages without validation. The text is HTML-encoded, so this is not XSS, but an attacker can still craft URLs whose error page shows a misleading message under the legitimate Keycloak origin, e.g., fake support phone numbers or...
Directory Traversal
buttle is vulnerable to directory traversal. The vulnerability exists because the requested filename is not sanitized before it is used to locate a file on disk, allowing directory traversal attacks...