Описание
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Broken Link
- ExploitIssue TrackingVendor Advisory
- Broken Link
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00487
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.7
redhat
около 4 лет назад
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
CVSS3: 5.4
debian
больше 3 лет назад
A flaw was found in Keycloak. This flaw allows a privileged attacker t ...
CVSS3: 5.4
github
больше 3 лет назад
Keycloak XSS via use of malicious payload as group name when creating new group from admin console
EPSS
Процентиль: 65%
0.00487
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79