Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4137 | 1 Redhat | 3 Enterprise Linux, Keycloak, Single Sign-on | 2023-11-07 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. | |||||
| CVE-2022-4361 | 1 Redhat | 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more | 2023-07-17 | N/A | 6.1 MEDIUM |
| Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri. | |||||
| CVE-2019-25027 | 1 Vaadin | 2 Flow, Vaadin | 2021-05-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malicious JavaScript via crafted URL | |||||