Cross-site Scripting in Keycloak
Moderate severity
GitHub Reviewed
Published
Feb 9, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Sep 16, 2020
Reviewed
Apr 1, 2021
Published to the GitHub Advisory Database
Feb 9, 2022
Last updated
Feb 1, 2023
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
References