4 matches found
The Keycloak identity and access management software has a vulnerability. It stems from the lack of name filtering during the generation of a 404 HTTP error page. As a result, attackers can execute arbitrary script.
The vulnerability in the Keycloak identity and access management software lies in the absence of name filtering during the generation of a 404 HTTP error page. As a result, the name of the non-existent webpage is passed unchanged to the generated error page. Exploiting this vulnerability allows a...
DEBIAN-CVE-2018-19131
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTPS error page generation for certificate errors...
Red Hat JBoss Operations Network HTTP Error Page Cross-Site Scripting Vulnerability
JBoss Operations Network is open source network management software based on Java EE. An input validation vulnerability in the JBoss Operations Network HTTP error page allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensiti...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...