
14 matches found

Snyk
added 2026/04/14 3:30 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in select-organization.ftl - shown on the organization selection login page - since the organization.alias value is inserted into an inline JavaScript onclick handler. A user with manage-realm or...

6.9 CVSS · 5.9 AI score · 0.00049 EPSS
Exploits: 0 · References: 2
EUVD
added 2026/04/14 3:30 p.m. · 1 views

EUVD-2026-22294

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9 CVSS · 6 AI score · 0.00049 EPSS
Exploits: 0 · References: 3
ATTACKERKB
added 2026/04/14 2:54 p.m. · 5 views

CVE-2026-37980

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the organization.alias is placed into an...

6.9 CVSS · 6 AI score · 0.00049 EPSS
Exploits: 0 · References: 3
CNNVD
added 2026/04/14 12:0 a.m. · 3 views

Red Hat build of Keycloak Cross-Site Scripting Vulnerability

The Red Hat build of Keycloak is a web application for single-sign-on developed by the American company Red Hat. The Red Hat build of Keycloak has a cross-site scripting vulnerability. This vulnerability arises in the organization selection login page, where organization.alias is placed i...

6.9 CVSS · 5.8 AI score · 0.00049 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/23 4:3 a.m. · 5 views

CVE-2023-37251

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

6.1 CVSS · 6.9 AI score · 0.00607 EPSS
Exploits: 0
OSV
added 2024/03/06 11:1 a.m. · 9 views

BIT-MEDIAWIKI-2023-37251

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

6.1 CVSS · 6.3 AI score · 0.00607 EPSS
Exploits: 0 · References: 2
ATTACKERKB
added 2023/06/29 4:15 p.m. · 0 views

CVE-2023-37251

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

6.1 CVSS · 6.3 AI score · 0.00607 EPSS
Exploits: 0 · References: 2
OSV
added 2023/06/29 4:15 p.m. · 11 views

CVE-2023-37251

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

6.1 CVSS · 7.1 AI score
Exploits: 0 · References: 1
Prion
added 2023/06/29 4:15 p.m. · 10 views

Code injection

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

5.8 CVSS · 6.3 AI score · 0.00607 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2023/06/29 12:0 a.m. · 2 views

MediaWiki Cross-Site Scripting Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3, which stems from an issue discovered...

6.1 CVSS · 6.2 AI score · 0.00607 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2023/06/29 12:0 a.m. · 6 views

CVE-2023-37251

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

6.8 AI score · 0.00607 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/06/29 12:0 a.m. · 3 views

PT-2023-25856 · Mediawiki +1 · Googleanalyticsmetrics +1

Name of the Vulnerable Software and Affected Versions: GoogleAnalyticsMetrics extension for MediaWiki versions through 1.39.3 Description: An issue was discovered in the googleanalyticstrackurl parser function, which does not properly escape JavaScript in the onclick handler and does not prevent...

9.8 CVSS · 6.2 AI score · 0.11025 EPSS
Exploits: 27 · References: 104
Cvelist
added 2023/06/29 12:0 a.m. · 15 views

CVE-2023-37251

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

6.5 AI score · 0.00607 EPSS
Exploits: 0 · References: 1
CVE
added 2023/06/29 12:0 a.m. · 42 views

CVE-2023-37251

The CVE-2023-37251 entry concerns the GoogleAnalyticsMetrics extension for MediaWiki up to version 1.39.3. The googleanalyticstrackurl parser does not properly escape JavaScript in onclick handlers and does not prevent javascript: URLs, enabling potential JavaScript execution in affected pages. T...

6.1 CVSS · 6.3 AI score · 0.00607 EPSS
Exploits: 0 · References: 1 · Affected Software: 1