Server-side cross-site scripting in org.keycloak:keycloak-services

Description

Keycloak is vulnerable to cross-site scripting when validating URI schemes on SAML and OIDC. The affected package, org.keycloak:keycloak-services, contains the Java implementation for SAML Service Providers (org.keycloak.protocol.saml). Affected versions of this package are vulnerable to Cross-site Scripting (XSS).

The AssertionConsumerServiceURL value allows XSS when a crafted SAML XML request is sent.
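The defensive check the advisory points at is a scheme allowlist on the AssertionConsumerServiceURL before the value is reused in a response. The example below is added here and is not Keycloak's code: it extracts the attribute from a minimal SAML 2.0 AuthnRequest and accepts only absolute http/https URLs, rejecting any other scheme, a relative path, or a URL without a host. Function names and the sample requests are constructed for illustration.

```python
"""Allowlist check for the scheme of a SAML AssertionConsumerServiceURL.

Constructed illustration, not Keycloak code. Element and attribute names
follow the SAML 2.0 protocol namespace; everything else is an assumption.
"""
from typing import Optional
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
ALLOWED_SCHEMES = {"http", "https"}


def build_authn_request(acs_url: str) -> str:
    """Constructed minimal AuthnRequest carrying the given ACS URL (sample input only)."""
    el = ET.Element(f"{{{SAMLP_NS}}}AuthnRequest", {
        "ID": "_constructed-request-id",
        "Version": "2.0",
        "IssueInstant": "2024-01-01T00:00:00Z",
        "AssertionConsumerServiceURL": acs_url,
    })
    return ET.tostring(el, encoding="unicode")


def acs_url_from_authn_request(xml_text: str) -> Optional[str]:
    """Return the AssertionConsumerServiceURL attribute of an AuthnRequest, or None."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        return None
    return root.attrib.get("AssertionConsumerServiceURL")


def is_acceptable_acs_url(url: Optional[str]) -> bool:
    """True only for absolute URLs whose scheme is in the allowlist and that name a host.

    Whitespace is stripped and the scheme is compared in lower case, so padding
    or mixed case cannot bypass the check. A host alone is not enough: a
    non-allowlisted scheme is rejected even when a netloc is present.
    """
    if not url:
        return False
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def validate_request(xml_text: str) -> bool:
    """Accept the request only if its ACS URL passes the scheme allowlist."""
    return is_acceptable_acs_url(acs_url_from_authn_request(xml_text))
```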

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

FLAT-BPGBQ – Vulnerability | Fluid Attacks Database