Description
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
References
- Issue Tracking, Mitigation, Vendor Advisory
- Issue Tracking, Mitigation, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 12.0.0 (exclusive)
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
EPSS: 0.00271 (Low), percentile: 50%
CVSS3: 4.8 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 4
redhat
more than 5 years ago
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
CVSS3: 4.8
debian
about 5 years ago
A flaw was found in Keycloak before version 12.0.0, where it is possib ...