CVE-2022-2256

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.keycloak/keycloak-core

Identifiers

GHSA-w8v7-c7pm-7wfr, CVE-2022-2256

Package Slug

maven/org.keycloak/keycloak-core

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality.

Affected Versions

All versions up to 19.0.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-19
