Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-14655

Опубликовано: 13 нояб. 2018
Источник: debian

Описание

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
keycloakitppackage

Связанные уязвимости

redhat логотип

CVE-2018-14655

CVSS3: 4.6
redhat
около 7 лет назад

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

nvd логотип

CVE-2018-14655

CVSS3: 4.6
nvd
около 7 лет назад

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

github логотип

GHSA-458h-wv48-fq75

CVSS3: 5.4
github
больше 3 лет назад

Keycloak vulnerable to cross-site scripting via the state parameter