Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)
Moderate severity, GitHub Reviewed
Published Sep 2, 2022 to the GitHub Advisory Database. Updated Jan 30, 2023.
Withdrawn: This advisory was withdrawn on Sep 23, 2022.
Description
Published by the National Vulnerability Database: Sep 1, 2022
Published to the GitHub Advisory Database: Sep 2, 2022
Reviewed: Sep 16, 2022
Withdrawn: Sep 23, 2022
Last updated: Jan 30, 2023
Duplicate Advisory
This advisory is a duplicate of GHSA-w9mf-83w3-fv49. This link is maintained to preserve external references.
Original Description
A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality.
References