Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)

Duplicate Advisory

This advisory is a duplicate of GHSA-w9mf-83w3-fv49. This link is maintained to preserve external references.

Original Description

A stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.

Published: Sep 2, 2022
Updated: Apr 14, 2023
GHSA: GHSA-w8v7-c7pm-7wfr
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
org.keycloak / keycloak-core	-	19.0.1.x

https://bugzilla.redhat.com/show_bug.cgi?id=2101942
https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49

Vulnerability Database

289,599

Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)

Duplicate Advisory

Original Description