Reflected cross-site scripting (XSS) in org.keycloak:keycloak-parent

Description

Reflected XSS on clients-registrations endpoint

A POST-based reflected cross-site scripting vulnerability has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts in the user's browser.
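The bug pattern described above, reduced to its essentials, as an added example that is not Keycloak's code: a hypothetical registration handler reflects a rejected field into an HTML error page. The vulnerable variant interpolates it raw; the fixed variant escapes it first. The handler name, the form field and the validation rule are assumptions made for illustration; the check function is the kind of assertion a regression test for this class of bug would carry.

```python
"""Added example (not Keycloak code): a reflected error message as an XSS sink.

Hypothetical client-registration handler. The only behaviour modelled is how
a submitted field ends up inside the error response.
"""
import html
import json


def _render_html_error(text):
    # Minimal HTML error page; `text` is placed in element content.
    return "<html><body><p>Invalid client id: %s</p></body></html>" % text


def handle_registration_vulnerable(form):
    """Returns (status, content_type, body).

    Bug pattern: the rejected value is copied into the HTML error page without
    escaping, so any markup the client submitted is rendered by the browser.
    """
    client_id = form.get("client_id", "")
    if not client_id.isidentifier():          # assumed validation rule
        return 400, "text/html; charset=utf-8", _render_html_error(client_id)
    return 201, "application/json", json.dumps({"client_id": client_id})


def handle_registration_fixed(form):
    """Same handler with output encoding applied before interpolation."""
    client_id = form.get("client_id", "")
    if not client_id.isidentifier():
        # html.escape turns < > & " ' into entities, so the value can only be
        # displayed, never parsed as markup or attribute delimiters.
        safe = html.escape(client_id, quote=True)
        return 400, "text/html; charset=utf-8", _render_html_error(safe)
    return 201, "application/json", json.dumps({"client_id": client_id})


def reflects_markup_unescaped(body, submitted):
    """Regression check: True if a submitted value containing markup
    characters appears verbatim in the response body."""
    has_markup = any(c in submitted for c in "<>\"'&")
    return has_markup and submitted in body


if __name__ == "__main__":
    # Constructed probe: harmless markup, enough to show whether escaping happens.
    probe = {"client_id": "<b>probe</b>"}
    for handler in (handle_registration_vulnerable, handle_registration_fixed):
        status, ctype, body = handler(probe)
        print(handler.__name__, status, ctype,
              "UNESCAPED" if reflects_markup_unescaped(body, probe["client_id"]) else "escaped")
```

Escaping at the point of interpolation is the primary fix; a second layer that removes the sink entirely is to return validation errors as `application/json` (with `X-Content-Type-Options: nosniff`) rather than as an HTML page, so the browser never renders the reflected value as a document.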

Acknowledgement

Keycloak would like to thank Quentin TEXIER (Pentester at Opencyber) for reporting this issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
