Description
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
Published: 2023-09-20
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-1124 A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
Github GHSA Github GHSA GHSA-w354-2f3c-qvg9 Keycloak vulnerable to Cross-site Scripting
History

Tue, 24 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Redhat Keycloak Red Hat Single Sign On Rhosemc
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-09-24T15:06:01.676Z

Reserved: 2022-04-22T14:36:34.415Z

Link: CVE-2022-1438

cve-icon Vulnrichment

Updated: 2024-08-03T00:03:06.303Z

cve-icon NVD

Status : Modified

Published: 2023-09-20T14:15:12.607

Modified: 2024-11-21T06:40:44.223

Link: CVE-2022-1438

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-02-28T18:56:00Z

Links: CVE-2022-1438 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses