Description
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
References
- Issue Tracking, Vendor Advisory
- Broken Link, Third Party Advisory
- Issue Tracking, Vendor Advisory
- Broken Link, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Percentile: 75%
0.00882
Low
3.8 Low
CVSS3
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 3.8
redhat
more than 3 years ago
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
CVSS3: 3.8
debian
more than 3 years ago
A Stored Cross-site scripting (XSS) vulnerability was found in keycloa ...
CVSS3: 5.4
github
more than 3 years ago
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles