Lucene search
GoogleOSV:CVE-2021-42357HistoryJan 17, 2022 - 8:15 p.m.
CVE-2021-42357
2022-01-1720:15:07
Google
osv.dev
4
apache knox sso
url parsing
crafted request
user redirection
xss
phishing
software
When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign.
Related
cvelist
cvelist
CVE-2021-42357 DOM based XSS Vulnerability in Apache Knox
2022-01-17 19:25:09
nvd
nvd
CVE-2021-42357
2022-01-17 20:15:07
veracode
veracode
Cross-Site Scripting (XSS)
2022-01-18 04:48:16
cnvd
cnvd
Apache Knox SSO Cross-Site Scripting Vulnerability
2022-01-18 00:00:00
osv
osv
Cross-site Scripting in Apache Knox SSO
2022-01-21 23:52:00
prion
prion
Design/Logic Flaw
2022-01-17 20:15:00
cve
cve
CVE-2021-42357
2022-01-17 20:15:07
github
github
Cross-site Scripting in Apache Knox SSO
2022-01-21 23:52:00