Cross-Site Scripting Vulnerability in JBoss KeyCloak by Red Hat
CVE-2014-3656

6.1MEDIUM

Key Information:

Vendor: Jboss Keycloak
Status: Jboss Keycloak
Vendor: CVE Published:; 10 December 2019

🔔 Create Jboss Keycloak Vulnerability Alert

What is CVE-2014-3656?

A cross-site scripting vulnerability exists in the login-status-iframe.html file of JBoss KeyCloak. This flaw may allow attackers to inject malicious scripts into the application context, potentially compromising user sessions and sensitive information.

Affected Version(s)

JBoss KeyCloak through 2014-09-22

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3656

x_refsource_MISC

https://access.redhat.com/security/cve/cve-2014-3656

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2019
Vulnerability Reserved
May 14, 2014

JSON