logo

Database

Server side cross-site scripting In org.keycloak:keycloak-core

Description

Keycloak allows cross-site scripting (XSS) A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-40282. NVD-2024-40283. OSV-2024-40284. GCVE-2024-40285. ACCESS-CVE-2024-4028

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=2276418

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.