CVE-2024-4028

LOW Year: 2024
CVSS v3 Score
3.8
Low
Weakness Type
CWE-20
View all →

Vulnerability Description

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

Related Vulnerabilities

CVE-2017-18398

LOW
CVSS:3.8(Low)

DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).

CWE-202017

CVE-2024-56321

LOW
CVSS:3.8(Low)

GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitra...

CWE-202024

CVE-2012-3338

LOW
CVSS:3.7(Low)

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker coul...

CWE-202012

CVE-2015-7519

LOW
CVSS:3.7(Low)

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote at...

CWE-202015

CVE-2015-7759

LOW
CVSS:3.7(Low)

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attac...

CWE-202015

CVE-2016-0281

LOW
CVSS:3.7(Low)

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash...

CWE-202016