GHSA-fqc7-5xxc-ph7r

Published: 27 Aug 2022
Source: github
Github: Reviewed
CVSS3: 5.4

Description

Keycloak XSS via use of malicious payload as group name when creating new group from admin console

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.

Packages

Name: org.keycloak:keycloak-core (maven)
Affected versions: <= 16.1.0
Fixed version: None

EPSS

Percentile: 65%
0.00487
Low

CVSS3: 5.4 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.7
redhat
about 4 years ago

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.

CVSS3: 5.4
nvd
more than 3 years ago

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.

CVSS3: 5.4
debian
more than 3 years ago

A flaw was found in Keycloak. This flaw allows a privileged attacker t ...
