GHSA-w8v7-c7pm-7wfr – org.keycloak:keycloak-core
Package
Manager: maven
Name: org.keycloak:keycloak-core
Vulnerable Version: <0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: N/A
EPSS: N/A (percentile: N/A)
Details
Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)

## Duplicate Advisory

This advisory is a duplicate of [GHSA-w9mf-83w3-fv49](https://github.com/advisories/GHSA-w9mf-83w3-fv49). This link is maintained to preserve external references.

## Original Description

A stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
Metadata
Created: 2022-09-02T00:01:02Z
Modified: 2022-09-23T16:29:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-w8v7-c7pm-7wfr/GHSA-w8v7-c7pm-7wfr.json
CWE IDs: ["CWE-79"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0