4 matches found
CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...
CVE-2019-13562
D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/pingresponse.cgi pingipaddr parameter, the /www/ping6response.cgi ping6ipaddr parameter, and the /www/applysec.cgi htmlresponsereturnpage parameter...
CVE-2022-46304
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
picketlink: URL injection via xinclude parameter
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...