Bill Burke

4 exploits Active since Dec 2017
CVE-2014-3651 NOMISEC HIGH WRITEUP
Keycloak < 1.0.3 - Denial of Service via Large QR Code Size Parameter
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVSS 7.5
CVE-2022-4137 NOMISEC HIGH STUB
Keycloak < 20.0.5 - Reflected Cross-Site Scripting via OAuth OOB Endpoint
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.
CVSS 8.1
CVE-2022-1274 NOMISEC MEDIUM WORKING POC
Keycloak < 20.0.5 - Cross-Site Scripting via Execute-Actions-Email Endpoint
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
CVSS 5.4
CVE-2014-3651 NOMISEC HIGH WRITEUP
Keycloak < 1.0.3 - Denial of Service via Large QR Code Size Parameter
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVSS 7.5