CVE-2014-3656

MEDIUM

JBoss KeyCloak - Cross-Site Scripting in login-status-iframe.html

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3656. PoCs published by shoucheng3.

AI-analyzed exploit summary The repository contains infrastructure scripts and configuration files for Keycloak but lacks any exploit PoC code for CVE-2014-3656. No offensive techniques or vulnerability-specific code is present.

Description

JBoss KeyCloak: XSS in login-status-iframe.html

Exploits (1)

nomisec STUB
by shoucheng3 · poc
https://github.com/shoucheng3/keycloak__keycloak_CVE-2014-3656_1-0-5-Final

The repository contains infrastructure scripts and configuration files for Keycloak but lacks any exploit PoC code for CVE-2014-3656. No offensive techniques or vulnerability-specific code is present.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Keycloak
No auth needed
Prerequisites: none
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3656
Vendor Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2014-3656

Scores

CVSS v3 6.1
EPSS 0.0029
EPSS Percentile 52.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
org.keycloak/keycloak-core 0 - 1.1.0.Beta1Maven
redhat/jboss_keycloak
Published Dec 10, 2019
Tracked Since Feb 18, 2026