Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-39am-wkz3-8ubu
Summary
Cross-site Scripting
When using `response_mode=form_post`, it is possible to inject arbitrary JavaScript code via the `state` parameter in the authentication URL. This allows an XSS attack upon successful login.
Aliases
0
alias CVE-2018-14655
1
alias GHSA-458h-wv48-fq75
Fixed_packages
0
url pkg:npm/keycloak-connect@4.0.0-beta.1
purl pkg:npm/keycloak-connect@4.0.0-beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-5zh6-37gp-pbas
3
vulnerability VCID-9719-srgk-33dh
4
vulnerability VCID-cg94-7n2h-7fac
5
vulnerability VCID-cwqj-tnbj-3ubh
6
vulnerability VCID-dc8s-fqv5-1uhk
7
vulnerability VCID-djda-aqxt-s3e9
8
vulnerability VCID-dx7u-4d6j-cfee
9
vulnerability VCID-eucs-thxn-4kfv
10
vulnerability VCID-p1cj-f4de-1qc4
11
vulnerability VCID-prsa-264j-mfah
12
vulnerability VCID-wgzd-wv2e-pyhy
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-wuh8-4akm-2uae
15
vulnerability VCID-x24y-5nan-efg3
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y9de-4w6u-abfa
18
vulnerability VCID-zfgf-9455-d3fe
19
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.0.0-beta.1
1
url pkg:npm/keycloak-connect@4.0.0-beta.3
purl pkg:npm/keycloak-connect@4.0.0-beta.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-5zh6-37gp-pbas
3
vulnerability VCID-9719-srgk-33dh
4
vulnerability VCID-cg94-7n2h-7fac
5
vulnerability VCID-cwqj-tnbj-3ubh
6
vulnerability VCID-dc8s-fqv5-1uhk
7
vulnerability VCID-djda-aqxt-s3e9
8
vulnerability VCID-dx7u-4d6j-cfee
9
vulnerability VCID-eucs-thxn-4kfv
10
vulnerability VCID-p1cj-f4de-1qc4
11
vulnerability VCID-prsa-264j-mfah
12
vulnerability VCID-wgzd-wv2e-pyhy
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-wuh8-4akm-2uae
15
vulnerability VCID-x24y-5nan-efg3
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y9de-4w6u-abfa
18
vulnerability VCID-zfgf-9455-d3fe
19
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.0.0-beta.3
2
url pkg:npm/keycloak-connect@4.1.0
purl pkg:npm/keycloak-connect@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-5zh6-37gp-pbas
3
vulnerability VCID-9719-srgk-33dh
4
vulnerability VCID-cg94-7n2h-7fac
5
vulnerability VCID-cwqj-tnbj-3ubh
6
vulnerability VCID-dc8s-fqv5-1uhk
7
vulnerability VCID-djda-aqxt-s3e9
8
vulnerability VCID-dx7u-4d6j-cfee
9
vulnerability VCID-eucs-thxn-4kfv
10
vulnerability VCID-p1cj-f4de-1qc4
11
vulnerability VCID-prsa-264j-mfah
12
vulnerability VCID-wgzd-wv2e-pyhy
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-wuh8-4akm-2uae
15
vulnerability VCID-x24y-5nan-efg3
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y9de-4w6u-abfa
18
vulnerability VCID-zfgf-9455-d3fe
19
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.1.0
3
url pkg:npm/keycloak-connect@4.4.0
purl pkg:npm/keycloak-connect@4.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-5zh6-37gp-pbas
3
vulnerability VCID-9719-srgk-33dh
4
vulnerability VCID-cg94-7n2h-7fac
5
vulnerability VCID-cwqj-tnbj-3ubh
6
vulnerability VCID-dc8s-fqv5-1uhk
7
vulnerability VCID-djda-aqxt-s3e9
8
vulnerability VCID-dx7u-4d6j-cfee
9
vulnerability VCID-eucs-thxn-4kfv
10
vulnerability VCID-p1cj-f4de-1qc4
11
vulnerability VCID-prsa-264j-mfah
12
vulnerability VCID-wgzd-wv2e-pyhy
13
vulnerability VCID-wt2c-cyu2-kbgm
14
vulnerability VCID-wuh8-4akm-2uae
15
vulnerability VCID-x24y-5nan-efg3
16
vulnerability VCID-xghp-f8g9-akhn
17
vulnerability VCID-y9de-4w6u-abfa
18
vulnerability VCID-zfgf-9455-d3fe
19
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.4.0
Affected_packages
0
url pkg:maven/org.keycloak/keycloak-core@3.4.3.Final
purl pkg:maven/org.keycloak/keycloak-core@3.4.3.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2ba6-j1fs-2kfc
2
vulnerability VCID-2qmw-afpp-7qa8
3
vulnerability VCID-39am-wkz3-8ubu
4
vulnerability VCID-3kg4-uvgq-5khf
5
vulnerability VCID-5zh6-37gp-pbas
6
vulnerability VCID-9719-srgk-33dh
7
vulnerability VCID-9kte-cfz7-hqa3
8
vulnerability VCID-cg94-7n2h-7fac
9
vulnerability VCID-cwqj-tnbj-3ubh
10
vulnerability VCID-dc8s-fqv5-1uhk
11
vulnerability VCID-djda-aqxt-s3e9
12
vulnerability VCID-gr2e-ntp4-9fdg
13
vulnerability VCID-h539-621j-d7bn
14
vulnerability VCID-hdx2-k9s5-zqff
15
vulnerability VCID-hjue-s41w-bye9
16
vulnerability VCID-prsa-264j-mfah
17
vulnerability VCID-wgzd-wv2e-pyhy
18
vulnerability VCID-wt2c-cyu2-kbgm
19
vulnerability VCID-wuh8-4akm-2uae
20
vulnerability VCID-y9de-4w6u-abfa
21
vulnerability VCID-zfgf-9455-d3fe
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@3.4.3.Final
1
url pkg:maven/org.keycloak/keycloak-core@4.3.9.Final
purl pkg:maven/org.keycloak/keycloak-core@4.3.9.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39am-wkz3-8ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-core@4.3.9.Final
2
url pkg:maven/org.keycloak/keycloak-parent@3.4.3.Final
purl pkg:maven/org.keycloak/keycloak-parent@3.4.3.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39am-wkz3-8ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@3.4.3.Final
3
url pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta1
purl pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39am-wkz3-8ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta1
4
url pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta2
purl pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39am-wkz3-8ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.0.0.Beta2
5
url pkg:maven/org.keycloak/keycloak-parent@4.3.0.Final
purl pkg:maven/org.keycloak/keycloak-parent@4.3.0.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39am-wkz3-8ubu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@4.3.0.Final
6
url pkg:npm/keycloak-connect@3.4.3
purl pkg:npm/keycloak-connect@3.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-39am-wkz3-8ubu
3
vulnerability VCID-5zh6-37gp-pbas
4
vulnerability VCID-9719-srgk-33dh
5
vulnerability VCID-cg94-7n2h-7fac
6
vulnerability VCID-cwqj-tnbj-3ubh
7
vulnerability VCID-dc8s-fqv5-1uhk
8
vulnerability VCID-djda-aqxt-s3e9
9
vulnerability VCID-dx7u-4d6j-cfee
10
vulnerability VCID-eucs-thxn-4kfv
11
vulnerability VCID-fh1s-1jqa-3bgp
12
vulnerability VCID-p1cj-f4de-1qc4
13
vulnerability VCID-prsa-264j-mfah
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-x24y-5nan-efg3
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zfgf-9455-d3fe
21
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@3.4.3
7
url pkg:npm/keycloak-connect@4.0.0-beta.2
purl pkg:npm/keycloak-connect@4.0.0-beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-39am-wkz3-8ubu
3
vulnerability VCID-5zh6-37gp-pbas
4
vulnerability VCID-9719-srgk-33dh
5
vulnerability VCID-cg94-7n2h-7fac
6
vulnerability VCID-cwqj-tnbj-3ubh
7
vulnerability VCID-dc8s-fqv5-1uhk
8
vulnerability VCID-djda-aqxt-s3e9
9
vulnerability VCID-dx7u-4d6j-cfee
10
vulnerability VCID-eucs-thxn-4kfv
11
vulnerability VCID-p1cj-f4de-1qc4
12
vulnerability VCID-prsa-264j-mfah
13
vulnerability VCID-wgzd-wv2e-pyhy
14
vulnerability VCID-wt2c-cyu2-kbgm
15
vulnerability VCID-wuh8-4akm-2uae
16
vulnerability VCID-x24y-5nan-efg3
17
vulnerability VCID-xghp-f8g9-akhn
18
vulnerability VCID-y9de-4w6u-abfa
19
vulnerability VCID-zfgf-9455-d3fe
20
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.0.0-beta.2
8
url pkg:npm/keycloak-connect@4.3.0
purl pkg:npm/keycloak-connect@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-13dn-ke8h-67ez
1
vulnerability VCID-2qmw-afpp-7qa8
2
vulnerability VCID-39am-wkz3-8ubu
3
vulnerability VCID-5zh6-37gp-pbas
4
vulnerability VCID-9719-srgk-33dh
5
vulnerability VCID-bj1j-1evb-wkgr
6
vulnerability VCID-cg94-7n2h-7fac
7
vulnerability VCID-cwqj-tnbj-3ubh
8
vulnerability VCID-dc8s-fqv5-1uhk
9
vulnerability VCID-djda-aqxt-s3e9
10
vulnerability VCID-dx7u-4d6j-cfee
11
vulnerability VCID-eucs-thxn-4kfv
12
vulnerability VCID-p1cj-f4de-1qc4
13
vulnerability VCID-prsa-264j-mfah
14
vulnerability VCID-wgzd-wv2e-pyhy
15
vulnerability VCID-wt2c-cyu2-kbgm
16
vulnerability VCID-wuh8-4akm-2uae
17
vulnerability VCID-x24y-5nan-efg3
18
vulnerability VCID-xghp-f8g9-akhn
19
vulnerability VCID-y9de-4w6u-abfa
20
vulnerability VCID-zfgf-9455-d3fe
21
vulnerability VCID-zkxq-ejyr-8ba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/keycloak-connect@4.3.0
9
url pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs?arch=el6
purl pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs?arch=el6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39am-wkz3-8ubu
1
vulnerability VCID-5zh6-37gp-pbas
2
vulnerability VCID-bj1j-1evb-wkgr
3
vulnerability VCID-fh1s-1jqa-3bgp
4
vulnerability VCID-g9qz-99pv-9bgw
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs%3Farch=el6
10
url pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs?arch=el7
purl pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39am-wkz3-8ubu
1
vulnerability VCID-5zh6-37gp-pbas
2
vulnerability VCID-bj1j-1evb-wkgr
3
vulnerability VCID-fh1s-1jqa-3bgp
4
vulnerability VCID-g9qz-99pv-9bgw
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@3.4.14-1.Final_redhat_00001.1.jbcs%3Farch=el7
References
0
reference_url https://access.redhat.com/errata/RHSA-2018:3592
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3592
1
reference_url https://access.redhat.com/errata/RHSA-2018:3593
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3593
2
reference_url https://access.redhat.com/errata/RHSA-2018:3595
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:3595
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14655.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14655
reference_id
reference_type
scores
0
value 0.0022
scoring_system epss
scoring_elements 0.44673
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14655
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14655
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1625396
reference_id 1625396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1625396
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14655
reference_id CVE-2018-14655
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14655
9
reference_url https://github.com/advisories/GHSA-458h-wv48-fq75
reference_id GHSA-458h-wv48-fq75
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-458h-wv48-fq75
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39am-wkz3-8ubu