web-console is vulnerable to cross-site scripting. The vulnerability, caused by missing X-Frame-Options
and CSRF protections, in the oauth/token/request
endpoint could allow a remote attacker to retrieve a token for CLI usage when using non default configs.