A flaw was found in mod_proxy_cluster in the Apache server. A malicious user may place a script in the 'alias' parameter of the URL, which creates a new virtual host and renders the script on the cluster-manager page, triggering a stored cross-site scripting (XSS) vulnerability.
Max CVSS: 5.4 | EPSS Score: 0.07% | Published: 2023-12-12 | Updated: 2024-03-18

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.
Max CVSS: 5.4 | EPSS Score: 0.11% | Published: 2023-12-14 | Updated: 2024-02-02

The course upload preview contained an XSS risk for users uploading unsafe data.
Max CVSS: 6.1 | EPSS Score: 0.05% | Published: 2023-11-09 | Updated: 2023-11-15

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2023-11-09 | Updated: 2023-11-15

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
Max CVSS: 6.5 | EPSS Score: 0.05% | Published: 2023-11-09 | Updated: 2023-11-15

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise.
Max CVSS: 7.3 | EPSS Score: 0.13% | Published: 2023-10-04 | Updated: 2023-10-10

A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2023-07-24 | Updated: 2023-08-02

A stored cross-site scripting (XSS) vulnerability was found in Foreman. The Comment section in the Hosts tab filters user input incorrectly. As a result, an attacker with an existing account on the system can steal another user's session, make requests on behalf of that user, and obtain user credentials.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2023-09-12 | Updated: 2023-09-18

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
Max CVSS: 6.1 | EPSS Score: 0.05% | Published: 2023-02-23 | Updated: 2023-03-03

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, in order to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
Max CVSS: 6.1 | EPSS Score: 0.92% | Published: 2022-07-25 | Updated: 2022-12-21

A stored XSS and blind SSRF vulnerability was found in Moodle, which occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, in order to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks.
Max CVSS: 6.1 | EPSS Score: 0.31% | Published: 2022-07-25 | Updated: 2022-12-21

A flaw was found in Moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
Max CVSS: 5.4 | EPSS Score: 0.09% | Published: 2022-05-18 | Updated: 2022-12-21

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
Max CVSS: 10.0 | EPSS Score: 0.05% | Published: 2023-07-07 | Updated: 2023-07-17

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
Max CVSS: 8.1 | EPSS Score: 0.06% | Published: 2023-09-25 | Updated: 2023-09-29

Cross-site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-09-13 | Updated: 2023-02-12

A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
Max CVSS: 3.8 | EPSS Score: 0.05% | Published: 2022-09-01 | Updated: 2022-10-18

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
Max CVSS: 6.4 | EPSS Score: 0.09% | Published: 2023-09-20 | Updated: 2023-09-25

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2023-03-29 | Updated: 2023-12-22

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
Max CVSS: 5.4 | EPSS Score: 0.06% | Published: 2022-08-26 | Updated: 2022-09-01

A POST-based reflected cross-site scripting vulnerability has been identified in Keycloak.
Max CVSS: 6.1 | EPSS Score: 0.17% | Published: 2022-03-25 | Updated: 2022-03-29

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2021-06-10 | Updated: 2021-09-20

A flaw was found in Keycloak. The new account console in Keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2021-03-23 | Updated: 2022-10-21

A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
Max CVSS: 5.8 | EPSS Score: 0.09% | Published: 2021-02-23 | Updated: 2022-02-22

A flaw was found in Keycloak in versions before 13.0.0. A self-stored XSS attack vector escalating to a complete account takeover is possible because user-supplied data fields are not properly encoded and JavaScript code is used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Max CVSS: 9.6 | EPSS Score: 0.16% | Published: 2021-05-28 | Updated: 2022-08-05

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-08-25 | Updated: 2022-09-02

214 vulnerabilities found