CVE-2022-2256

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.keycloak/keycloak-parent

Identifiers

GHSA-w9mf-83w3-fv49, CVE-2022-2256

Package Slug

maven/org.keycloak/keycloak-parent

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality.

Affected Versions

All versions before 19.0.2

Solution

Upgrade to version 19.0.2 or above.

Last Modified

2022-09-27
