CVE-2024-53843 | DapperDuckling keycloak-connector up to 2.5.4 URL Parameter cross site scripting (GHSA-w5rq-g9r6-vrcg)

Posted by Angelo Barbosa | Nov 26, 2024 | CVE

A vulnerability classified as problematic has been found in DapperDuckling keycloak-connector up to 2.5.4. This affects an unknown part of the component URL Parameter Handler. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2024-53843. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-53843 | DapperDuckling keycloak-connector up to 2.5.4 URL Parameter cross site scripting (GHSA-w5rq-g9r6-vrcg)

Related Posts

CVE-2023-6971 | Backup Migration Plugin up to 1.3.9 on WordPress content-dir file inclusion

CVE-2024-45316 | SonicWALL SMA1000 Connect Tunnel Client up to 12.4.271 on Windows link following (SNWLID-2024-0017)

CVE-2024-36246 | Yokogawa Rental & Lease Unifier/Unifier Cast authorization (ID 20240527)

CVE-2024-6411 | ProfileGrid Plugin up to 5.8.9 on WordPress authorization