Site icon API Security Blog

Cross-site Scripting (XSS)

org.keycloak:keycloak-services is vulnerable to Cross-site Scripting (XSS) attacks. A remote attacker is able to insert an arbitrary URI into an error page via the `oob OAuth` endpoint due to incorrect null-byte handling.Read More

Exit mobile version