logo

Database

Server side cross-site scripting In keycloak-connect

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Aliases

1. CVE-2022-14382. NVD-2022-14383. OSV-2022-14384. GHSA-w354-2f3c-qvg95. GCVE-2022-14386. access.redhat.com7. access.redhat.com8. access.redhat.com9. access.redhat.com10. access.redhat.com11. ACCESS-CVE-2022-143812. ACCESS-cve-2022-1438

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=20319042. https://github.com/keycloak/keycloak/security/advisories/GHSA-w354-2f3c-qvg93. https://github.com/keycloak/keycloak/blob/48835576daa158443f69917ac309e1a7c951bc87/services/src/main/java/org/keycloak/authentication/AuthenticationProcessor.java#L1045

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.