GHSA-f679-254h-qhvj: Leantime allows Cross-Site Scripting (XSS)

GHSA-95j3-435g-vjcp: Leantime affected by Improper Neutralization of HTML Tags

GHSA-3hfj-qcvj-4hx8: Leantime has Missing Authorization Check for Host Parameter

GHSA-38h4-fx85-qcx7: Exiv2 allows Use After Free

GHSA-c39w-3pjx-qc7m: Leantime allows Stored Cross-Site Scripting (XSS)

A flaw was found in the Keycloak package. This flaw allows an attacker to benefit from an LDAP query and access existing usernames in the server.

**Keycloak vulnerable to LDAP Injection on UsernameForm Login**

Low severity GitHub Reviewed Published Nov 29, 2023 in keycloak/keycloak • Updated Nov 29, 2023

Headline

GHSA-8hc5-rmgf-qx6p: Keycloak vulnerable to LDAP Injection on UsernameForm Login

ghsa: Latest News