Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-6134

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-14 Dec, 2023 | 21:42
Updated At-07 Aug, 2025 | 11:11
Rejected At-
Credits

Keycloak: reflected xss via wildcard in oidc redirect_uri

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:14 Dec, 2023 | 21:42
Updated At:07 Aug, 2025 | 11:11
Rejected At:
▼CVE Numbering Authority (CNA)
Keycloak: reflected xss via wildcard in oidc redirect_uri

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Keycloak 22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhbk/keycloak-operator-bundle
CPEs
  • cpe:/a:redhat:build_keycloak:22::el9
Default Status
affected
Versions
Unaffected
  • From 22.0.7-1 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Keycloak 22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhbk/keycloak-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:22::el9
Default Status
affected
Versions
Unaffected
  • From 22-6 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Keycloak 22
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rhbk/keycloak-rhel9-operator
CPEs
  • cpe:/a:redhat:build_keycloak:22::el9
Default Status
affected
Versions
Unaffected
  • From 22-9 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat build of Keycloak 22.0.7
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:build_keycloak:22
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7.6 for RHEL 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Default Status
affected
Versions
Unaffected
  • From 0:18.0.11-2.redhat_00003.1.el7sso before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7.6 for RHEL 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Default Status
affected
Versions
Unaffected
  • From 0:18.0.12-1.redhat_00001.1.el7sso before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7.6 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Default Status
affected
Versions
Unaffected
  • From 0:18.0.11-2.redhat_00003.1.el8sso before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7.6 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Default Status
affected
Versions
Unaffected
  • From 0:18.0.12-1.redhat_00001.1.el8sso before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7.6 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Default Status
affected
Versions
Unaffected
  • From 0:18.0.11-2.redhat_00003.1.el9sso before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7.6 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Default Status
affected
Versions
Unaffected
  • From 0:18.0.12-1.redhat_00001.1.el9sso before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHEL-8 based Middleware Containers
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rh-sso-7/sso76-openshift-rhel8
CPEs
  • cpe:/a:redhat:rhosemc:1.0::el8
Default Status
affected
Versions
Unaffected
  • From 7.6-38 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHEL-8 based Middleware Containers
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rh-sso-7/sso7-rhel8-operator-bundle
CPEs
  • cpe:/a:redhat:rhosemc:1.0::el8
Default Status
affected
Versions
Unaffected
  • From 7.6.6-2 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
RHEL-8 based Middleware Containers
Collection URL
https://catalog.redhat.com/software/containers/
Package Name
rh-sso-7/sso76-openshift-rhel8
CPEs
  • cpe:/a:redhat:rhosemc:1.0::el8
Default Status
affected
Versions
Unaffected
  • From 7.6-41 before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Single Sign-On 7.6.6
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
Package Name
rh-sso7-keycloak
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7.6.6
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Red Hat would like to thank Lauritz Holtmann (https://security.lauritz-holtmann.de/) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2023-11-07 00:00:00
Made public.2023-11-14 00:00:00
Event: Reported to Red Hat.
Date: 2023-11-07 00:00:00
Event: Made public.
Date: 2023-11-14 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2023:7854
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7855
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7856
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7857
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7858
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7860
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7861
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0798
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0799
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0800
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0801
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0804
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-6134
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2249673
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7854
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7855
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7856
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7857
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7858
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7860
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7861
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0798
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0799
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0800
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0801
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0804
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6134
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2249673
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2023:7854
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:7855
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:7856
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:7857
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:7858
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:7860
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2023:7861
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0798
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0799
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0800
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0801
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/errata/RHSA-2024:0804
vendor-advisory
x_refsource_REDHAT
x_transferred
https://access.redhat.com/security/cve/CVE-2023-6134
vdb-entry
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=2249673
issue-tracking
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7854
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7855
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7856
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7857
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7858
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7860
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7861
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0798
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0799
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0800
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0801
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0804
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6134
Resource:
vdb-entry
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2249673
Resource:
issue-tracking
x_refsource_REDHAT
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:14 Dec, 2023 | 22:15
Updated At:14 Feb, 2024 | 03:15

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially crafted request leading to cross-site scripting (XSS) or further attacks. This flaw is the result of an incomplete fix for CVE-2020-10748.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Secondary3.14.6MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CPE Matches

Red Hat, Inc.
redhat
>>enterprise_linux>>7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>9.0
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>single_sign-on>>Versions before 7.6(exclusive)
cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>keycloak>>Versions before 22.0.7(exclusive)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform>>4.11
cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform>>4.12
cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform_for_power>>4.9
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform_for_power>>4.10
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform_ibm_z_systems>>4.9
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>openshift_container_platform_ibm_z_systems>>4.10
cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>single_sign-on>>-
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE-79Secondarysecalert@redhat.com
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-79
Type: Secondary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2023:7854secalert@redhat.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7855secalert@redhat.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7856secalert@redhat.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7857secalert@redhat.com
Exploit
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7858secalert@redhat.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7860secalert@redhat.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7861secalert@redhat.com
Vendor Advisory
https://access.redhat.com/errata/RHSA-2024:0798secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0799secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0800secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0801secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2024:0804secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2023-6134secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2249673secalert@redhat.com
Issue Tracking
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7854
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7855
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7856
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7857
Source: secalert@redhat.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7858
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7860
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2023:7861
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0798
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0799
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0800
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0801
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2024:0804
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2023-6134
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2249673
Source: secalert@redhat.com
Resource:
Issue Tracking

Change History

0
Information is not available yet

Similar CVEs

9137Records found

CVE-2016-6348
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.28% / 51.31%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-resteasyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6347
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.31%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-resteasyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-5398
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.19%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_bpm_suiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6343
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 58.61%
||
7 Day CHG~0.00%
Published-31 Oct, 2018 | 13:00
Updated-06 Aug, 2024 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-jboss_bpm_suiteDashbuilder
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35651
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 54.92%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 15:30
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

Action-Not Available
Vendor-n/aMoodle Pty LtdRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoramoodleMoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35653
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-6.1||MEDIUM
EPSS-77.25% / 98.93%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 15:33
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.

Action-Not Available
Vendor-n/aMoodle Pty LtdRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoramoodleMoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2808
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.08% / 83.28%
||
7 Day CHG~0.00%
Published-07 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

Action-Not Available
Vendor-n/aRed Hat, Inc.UbuntuMozilla Corporation
Product-ubuntu_linuxthunderbirdfirefoxenterprise_linuxfedoraenterprise_linux_desktop_workstationseamonkeydesktopenterprise_linux_desktopadvanced_workstation_for_the_itanium_processorn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2929
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.63% / 69.31%
||
7 Day CHG~0.00%
Published-29 Aug, 2008 | 18:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

Action-Not Available
Vendor-fedoran/aRed Hat, Inc.
Product-directory_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3097
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satelliten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3113
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-4.03% / 88.02%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-ovirt-enginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3080
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.23%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satelliten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2103
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.44%
||
7 Day CHG~0.00%
Published-14 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satelliten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1000007
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.15%
||
7 Day CHG~0.00%
Published-07 Oct, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pagure 2.2.1 XSS in raw file endpoint

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-paguren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1000229
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-4.85% / 89.13%
||
7 Day CHG~0.00%
Published-20 Dec, 2019 | 13:02
Updated-06 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

swagger-ui has XSS in key names

Action-Not Available
Vendor-smartbearn/aRed Hat, Inc.
Product-swagger-uijboss_fuseopenshiftn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0044
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 25.62%
||
7 Day CHG-0.02%
Published-23 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

Action-Not Available
Vendor-quarkusn/aRed Hat, Inc.
Product-build_of_quarkusquarkusquarkus-vertx-http
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10234
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.41% / 60.82%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 13:17
Updated-23 Jul, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wildfly: wildfly vulnerable to cross-site scripting (xss)

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakjboss_enterprise_application_platformRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 8Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 7.4 for RHEL 9Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9RHEL-8 based Middleware ContainersRed Hat Single Sign-On 7.6 for RHEL 8Red Hat JBoss Enterprise Application Platform 8Red Hat Build of KeycloakRed Hat Fuse 7Red Hat Single Sign-On 7.6 for RHEL 9Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7Red Hat JBoss Enterprise Application Platform 7.4.23Red Hat Single Sign-On 7.6 for RHEL 7Red Hat JBoss Data Grid 7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-4975
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.9||HIGH
EPSS-0.06% / 19.91%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 13:47
Updated-28 Jan, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rhacs: cross-site scripting in portal

A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id="pdf-table"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Advanced Cluster Security 3
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1036
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.31% / 84.15%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.
Product-enterprise_linuxmac_os_x_servermac_os_xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10033
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 20.56%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:59
Updated-26 Mar, 2025 | 05:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Aap-gateway: xss on aap-gateway

A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxansible_developeransible_insideansible_automation_platformRed Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 9
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5326
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-25 Nov, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5181
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 39.02%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_a-mqn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-3267
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.54%
||
7 Day CHG~0.00%
Published-11 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_operations_networkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-6717
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-0.07% / 20.50%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 16:02
Updated-26 Aug, 2025 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: xss via assertion consumer service url in saml post-binding flow

A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Migration Toolkit for Applications 6Red Hat OpenShift GitOpsRHPAM 7.13.5 asyncRed Hat build of Keycloak 22.0.10Red Hat build of QuarkusRed Hat JBoss Enterprise Application Platform 6Red Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 7Red Hat Process Automation 7Red Hat Decision Manager 7Red Hat Data Grid 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat AMQ Broker 7Red Hat build of Apicurio Registry 2RHOSS-1.33-RHEL-8Red Hat Fuse 7Red Hat Developer HubRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Data Grid 7Migration Toolkit for Applications 7Red Hat build of Keycloak 22
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-5547
Matching Score-6
Assigner-Fedora Project
ShareView Details
Matching Score-6
Assigner-Fedora Project
CVSS Score-3.3||LOW
EPSS-0.10% / 27.54%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 19:35
Updated-04 Sep, 2024 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: xss risk when previewing data in course upload tool

The course upload preview contained an XSS risk for users uploading unsafe data.

Action-Not Available
Vendor-Moodle Pty LtdRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoramoodle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1813
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-16 Oct, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3536
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.28% / 51.40%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 12:15
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-integration_service_registryintegration_camel_kbuild_of_quarkuswildflyjboss_a-mqdescision_managerdata_gridjboss_enterprise_application_platformintegration_camel_quarkuswildfly
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3672
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.11% / 30.47%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 00:00
Updated-15 Oct, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-pgbouncerc-ares_projectn/aSiemens AGRed Hat, Inc.Fedora ProjectNode.js (OpenJS Foundation)
Product-c-aresenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_ausenterprise_linuxenterprise_linux_computer_nodeenterprise_linux_tusnode.jssinec_infrastructure_network_servicespgbouncerenterprise_linux_workstationfedoraenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusc-ares
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1812
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-16 Oct, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1286
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.69% / 70.79%
||
7 Day CHG~0.00%
Published-23 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxenterprise_linux_workstation_supplementaryopensuseenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_desktop_supplementaryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1565
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.54%
||
7 Day CHG~0.00%
Published-09 Feb, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aNovellMicrosoft CorporationHitachi, Ltd.Red Hat, Inc.
Product-enterprise_linuxglobal_link_manageropensusetiered_storage_managerreplication_managerwindowsdevice_managercompute_systems_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5961
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.23%
||
7 Day CHG~0.00%
Published-23 May, 2008 | 14:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-network_satelliten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3529
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.22% / 45.07%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 16:10
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-openshift_container_platformnoobaa-operatornoobaa-core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0298
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.59%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-mod_clustern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0284
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.41% / 60.67%
||
7 Day CHG~0.00%
Published-14 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satellitespacewalk-javan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-26582
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-6
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.80%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 17:50
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).

Action-Not Available
Vendor-n/aMicrosoft CorporationHP Inc.Red Hat, Inc.
Product-icewall_sso_dgfwwindowsenterprise_linuxhp-uxIceWall SSO Dgfw
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-3918
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-90.11% / 99.57%
||
7 Day CHG~0.00%
Published-28 Jul, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-enterprise_linux_serverubuntu_linuxhttp_serverenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-12685
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.37%
||
7 Day CHG~0.00%
Published-15 May, 2020 | 16:53
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-interchangen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3079
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 61.72%
||
7 Day CHG~0.00%
Published-14 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-satellitespacewalk-javan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3654
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.97%
||
7 Day CHG~0.00%
Published-03 Nov, 2014 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-satellite_with_embedded_oraclemanager_serversuse_linux_enterprise_serversatellitespacewalk-javamanagern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3681
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.82%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aRed Hat, Inc.Jenkins
Product-openshiftjenkinsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3649
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.05%
||
7 Day CHG~0.00%
Published-04 Nov, 2019 | 14:02
Updated-06 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JBoss AeroGear has reflected XSS via the password field

Action-Not Available
Vendor-JBossRed Hat, Inc.
Product-jboss_aerogearAeroGear
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3592
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.05%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 15:33
Updated-06 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenShift Origin: Improperly validated team names could allow stored XSS attacks

Action-Not Available
Vendor-OpenShift OriginRed Hat, Inc.
Product-openshift_originOpenShift Origin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11556
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.59% / 68.13%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 05:56
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pagure before 5.6 allows XSS via the templates/blame.html blame view.

Action-Not Available
Vendor-n/aRed Hat, Inc.openSUSE
Product-pagurebackports_sleleapn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1530
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 72.28%
||
7 Day CHG~0.00%
Published-30 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirddebian_linuxenterprise_linux_server_ausfedoraseamonkeyfirefox_esrubuntu_linuxenterprise_linux_desktopopensusesuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10219
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.86% / 82.32%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 14:46
Updated-07 Jul, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Action-Not Available
Vendor-HibernateOracle CorporationNetApp, Inc.Red Hat, Inc.
Product-communications_pricing_design_centeragile_product_lifecycle_management_integration_packcommunications_cloud_native_core_consolemysql_serverdata_integratorbanking_platformcommerce_platformwebcenter_portalfuseretail_order_brokerpolicy_automationpeoplesoft_enterprise_peopletoolsweblogic_servere-business_suitemysql_clustercommunications_data_modelenterprise_manager_ops_centeressbaseretail_back_officecommunications_cloud_native_core_network_repository_functionhospitality_reporting_and_analyticscommunications_metasolv_solutioncommunications_offline_mediation_controllerpeoplesoft_enterprise_cs_sa_integration_packflexcube_private_bankingretail_predictive_application_serverhealthcare_data_repositoryjd_edwards_enterpriseone_orchestratorcommunications_cloud_native_core_unified_data_repositoryclinicalenterprise_session_border_controllerinsurance_rules_palettecommunications_webrtc_session_controllerretail_financial_integrationflexcube_investor_servicinghealthcare_foundationcommunications_network_integritymysql_connectorshospitality_opera_5_property_servicescommunications_diameter_signaling_routenosql_databasetimesten_in-memory_databasebusiness_process_management_suiteretail_allocationfujitsu_m12-2_firmwareretail_assortment_planningsolarisbanking_apisprimavera_p6_professional_project_managementgraph_server_and_clientjboss_enterprise_application_platformretail_customer_management_and_segmentation_foundationapplication_performance_managementdatabase_serverfinancial_services_analytical_applications_infrastructureapplication_testing_suitebanking_deposits_and_lines_of_credit_servicingfujitsu_m10-4elementretail_order_management_systemutilities_frameworkprimavera_unifiercommunications_convergencebig_data_spatial_and_graphfinancial_services_enterprise_case_managementhealth_sciences_clinical_development_analyticsretail_returns_managementargus_analyticshospitality_cruise_shipboard_property_management_systemfusion_middleware_mapviewerutilities_testing_acceleratorsiebel_applicationsfujitsu_m12-2svm_virtualboxcommunications_cloud_native_core_automated_test_suitecommunications_converged_application_server_-_service_controllerretail_point-of-saleretail_service_backboneretail_integration_buscommunications_convergent_charging_controllerinsurance_insbridge_rating_and_underwritingaccess_managerenterprise_manager_base_platformretail_customer_insightsreal-time_decision_serverjboss_data_gridfujitsu_m10-4sessbase_administration_serviceshyperion_infrastructure_technologyfujitsu_m12-1_firmwarebusiness_activity_monitoringprimavera_data_warehousecommunications_session_border_controllergoldengate_application_adaptershealth_sciences_information_managermanagement_services_for_element_software_and_netapp_hcipeoplesoft_enterprise_people_toolsrest_data_servicesairlines_data_modelretail_size_profile_optimizationdocumakergoldengateretail_central_officeapplication_expresssnapcenter_plug-inhealth_sciences_inform_crf_submitcommunications_billing_and_revenue_managementinsurance_data_gatewayfujitsu_m12-1primavera_portfolio_managementspatial_studiohyperion_financial_managementretail_analyticsretail_fiscal_managementfinancial_services_foreign_account_tax_compliance_act_managementbanking_digital_experiencecommunications_services_gatekeeperfinancial_services_behavior_detection_platforminstantis_enterprisetrackenterprise_communications_brokerbanking_loans_servicingcommunications_service_brokercommunications_cloud_native_core_service_communication_proxysecure_backupcommunications_operations_monitorfinancial_services_trade-based_anti_money_launderingcommunications_cloud_native_core_security_edge_protection_proxyenterprise_data_qualityretail_price_managementbanking_enterprise_default_managementinsurance_policy_administration_j2eecommunications_cloud_native_core_network_function_cloud_native_environmentcommunications_unified_inventory_managementretail_eftlinkcommunications_eagle_application_processorcommunications_design_studiobanking_enterprise_default_managmentagile_engineering_data_managementjdkcommunications_contacts_serveropenshift_application_runtimeshibernate_validatorhyperion_ilearningrapid_planninggraalvmcommunications_application_session_controllerenterprise_linuxretail_invoice_matchingargus_insightdemantra_demand_managementfujitsu_m10-1banking_party_managementhttp_serverfinancial_services_model_management_and_governancehospitality_suite8communications_cloud_native_core_binding_support_functioncommunications_cloud_native_core_policycommunications_network_charging_and_controlhealthcare_translational_researchcommerce_guided_searchprimavera_p6_enterprise_project_portfolio_managementretail_extract_transform_and_loadcommunications_calendar_servercommunications_billing_and_revenue_management_elastic_charging_enginebusiness_intelligencefusion_middlewaresd-wan_awareagile_product_lifecycle_analyticscommunications_messaging_serverzfs_storage_appliance_kitfujitsu_m10-4s_firmwareinsurance_policy_administrationcommunications_instant_messaging_serverargus_safetyfujitsu_m12-2agile_plmactive_iq_unified_managerfujitsu_m10-4_firmwareretail_xstore_point_of_servicereal_user_experience_insightzfs_storage_application_integration_engineering_softwareprimavera_analyticscommunications_interactive_session_recordersingle_sign-onbi_publisheross_support_toolsjava_semysql_workbenchprimavera_gatewaymanaged_file_transferthesaurus_management_systemsd-wan_edgeretail_merchandising_systemfujitsu_m12-2s_firmwarefujitsu_m10-1_firmwarehibernate-validator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10180
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-2.4||LOW
EPSS-0.48% / 64.33%
||
7 Day CHG+0.03%
Published-31 Mar, 2020 | 16:31
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Action-Not Available
Vendor-dogtagpki[UNKNOWN]Red Hat, Inc.
Product-certificate_systemdogtagpkipki-core
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7812
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.21% / 43.36%
||
7 Day CHG~0.00%
Published-15 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-satellitespacewalkmanagern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7852
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.42%
||
7 Day CHG~0.00%
Published-11 Dec, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-jboss_enterprise_portal_platformn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7811
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-15 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

Action-Not Available
Vendor-n/aRed Hat, Inc.SUSE
Product-network_satellitespacewalkmanagern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1869
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.60% / 68.46%
||
7 Day CHG~0.00%
Published-08 Feb, 2014 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters).

Action-Not Available
Vendor-zeroclipboard_projectn/aRed Hat, Inc.
Product-zeroclipboardopenshiftn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 182
  • 183
  • Next
Details not found