Tag

#web

Red Hat Security Advisory 2024-3576-03

Red Hat Security Advisory 2024-3576-03 - New images are available for Red Hat build of Keycloak 24.0.5 and Red Hat build of Keycloak 24.0.5 Operator, running on OpenShift Container Platform.

Packet Storm
#vulnerability#web#red_hat#js#auth
Red Hat Security Advisory 2024-3575-03

Red Hat Security Advisory 2024-3575-03 - An update is now available for Red Hat build of Keycloak.

Red Hat Security Advisory 2024-3574-03

Red Hat Security Advisory 2024-3574-03 - New Red Hat build of Keycloak 22.0.11 packages are available from the Customer Portal.

Red Hat Security Advisory 2024-3573-03

Red Hat Security Advisory 2024-3573-03 - New images are available for Red Hat build of Keycloak 22.0.11 and Red Hat build of Keycloak 22.0.11 Operator, running on OpenShift Container Platform.

Red Hat Security Advisory 2024-3572-03

Red Hat Security Advisory 2024-3572-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal.

Red Hat Security Advisory 2024-3570-03

Red Hat Security Advisory 2024-3570-03 - A new image is available for Red Hat Single Sign-On 7.6.9, running on OpenShift Container Platform 3.10 and 3.11, and 4.3.

Red Hat Security Advisory 2024-3568-03

Red Hat Security Advisory 2024-3568-03 - New Red Hat Single Sign-On 7.6.9 packages are now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-3567-03

Red Hat Security Advisory 2024-3567-03 - New Red Hat Single Sign-On 7.6.9 packages are now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-3566-03

Red Hat Security Advisory 2024-3566-03 - New Red Hat Single Sign-On 7.6.9 packages are now available for Red Hat Enterprise Linux 7.

Uniview NVR301-04S2-P4

1. EXECUTIVE SUMMARY

CVSS v4 4.8
ATTENTION: Exploitable remotely/low attack complexity/public exploits available
Vendor: Uniview
Equipment: NVR301-04S2-P4
Vulnerability: Cross-site Scripting

2. RISK EVALUATION

An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of Uniview NVR, a network video recorder, is affected:

NVR301-04S2-P4: Versions prior to NVR-B3801.20.17.240507

3.2 Vulnerability Overview

3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79

The affected product is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are ...