GHSA-PX42-MR8M-CPGH JBoss KeyCloak Cross-site Scripting Vulnerability

If a JBoss Keycloak application was configured to use as a permitted web origin in the Keycloak administrative console, crafted requests to the login-status-iframe.html endpoint could inject arbitrary Javascript into the generated HTML code via the "origin" query parameter, leading to a cross-sit...

CVE-2014-3656

JBoss KeyCloak: XSS in login-status-iframe.html...