Описание
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2040268keycloak: Stored XSS in groups dropdown
5.7 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
CVSS3: 5.4
debian
больше 3 лет назад
A flaw was found in Keycloak. This flaw allows a privileged attacker t ...
CVSS3: 5.4
github
больше 3 лет назад
Keycloak XSS via use of malicious payload as group name when creating new group from admin console
5.7 Medium
CVSS3