CVE-2017-12158

Posted on by admin

CVE-2017-12158

It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.

Source: CVE-2017-12158

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다