Lucene search
GoogleOSV:GHSA-458H-WV48-FQ75HistoryMay 13, 2022 - 1:34 a.m.
Keycloak vulnerable to cross-site scripting via the state parameter
2022-05-1301:34:29
Google
osv.dev
11
keycloak
xss
vulnerability
state parameter
authentication
javascript code
attack
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using response_mode=form_post it is possible to inject arbitrary Javascript-Code via the ‘state’-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.
Related
prion
prion
Cross site scripting
2018-11-13 19:29:00
nvd
nvd
CVE-2018-14655
2018-11-13 19:29:00
cvelist
cvelist
CVE-2018-14655
2018-11-13 19:00:00
cve
cve
CVE-2018-14655
2018-11-13 19:29:00
github
github
Keycloak vulnerable to cross-site scripting via the state parameter
2022-05-13 01:34:29
redhatcve
redhatcve
CVE-2018-14655
2020-04-09 09:44:28
osv
osv
CVE-2018-14655
2018-11-13 19:29:00
veracode
veracode
Cross-site Scripting (XSS)
2018-11-14 08:56:11
nessus
nessus
RHEL 6 : Red Hat Single Sign-On 7.2.5 on RHEL 6 (RHSA-2018:3592)
2018-11-14 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.2.5 on RHEL 7 (RHSA-2018:3593)
2018-11-14 00:00:00
redhat
redhat