Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-q6w2-89hq-hq27

Опубликовано: 08 июн. 2021
Источник: github
Github: Прошло ревью
CVSS3: 9.6

Описание

keycloak Self Stored Cross-site Scripting vulnerability

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Ссылки

Пакеты

Наименование

org.keycloak:keycloak-core

maven
Затронутые версииВерсия исправления

< 13.0.0

13.0.0

EPSS

Процентиль: 53%
0.00305
Низкий

9.6 Critical

CVSS3

CVE ID

CVE-2021-20195

Дефекты

CWE-116
CWE-20
CWE-79

Связанные уязвимости

redhat логотип

CVE-2021-20195

CVSS3: 8.3
redhat
почти 5 лет назад

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

nvd логотип

CVE-2021-20195

CVSS3: 9.6
nvd
больше 4 лет назад

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

debian логотип

CVE-2021-20195

CVSS3: 9.6
debian
больше 4 лет назад

A flaw was found in keycloak in versions before 13.0.0. A Self Stored ...

EPSS

Процентиль: 53%
0.00305
Низкий

9.6 Critical

CVSS3

CVE ID

CVE-2021-20195

Дефекты

CWE-116
CWE-20
CWE-79