#java

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the `referrer` and `referrer_uri` parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the `redirect_uri` using URL encoding, to hide the text of t...

### Impact In certain cases, `path-to-regexp` will output a regular expression that can be exploited to cause poor performance. ### Patches For users of 0.1, upgrade to `0.1.10`. All other users should upgrade to `8.0.0`. Version 0.1.10 adds backtracking protection when a custom regular expression is not provided, so it's still possible to manually create a ReDoS vulnerability if you are providing custom regular expressions. Version 8.0.0 removes all features that can cause a ReDoS and stops exposing the regular expression directly. ### Workarounds All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change `/:a-:b` to `/:a-:b([^-/]+)`. If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length. For example, halving the attack string improves pe...

POMS version 1.0 suffers from an ignored default credential vulnerability.

Pharmacy Management System version version 1.0 suffers from an ignored default credential vulnerability.

PDF Generator Web Application version 1.0 suffers from an ignored default credential vulnerability.

Online Travel Agency System version 1.0 suffers from an ignored default credential vulnerability.

Online Tours and Travels Management System version 1.0 suffers from an ignored default credential vulnerability.

### Impact XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( `<!DOCTYPE foo [<!ENTITY example SYSTEM "/etc/passwd"> ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. ### Patches This issue has been patched in release 6.3.23 ### Workarounds None. ### References [MITRE CWE](https://cwe.mitre.org/data/definitions/611.html) [OWASP XML External Entity Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory)

C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a persistent cross site scripting vulnerability.

C-MOR Video Surveillance version 5.2401 suffers from a reflective cross site scripting vulnerability.