Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.
References
Link | Resource |
---|---|
https://backstage.forgerock.com/knowledge/kb/article/a45958025 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2019-06-19 15:15
Updated : 2019-06-21 06:59
NVD link : CVE-2017-14395
Mitre link : CVE-2017-14395
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
forgerock
- access_management
- openam