logo

Database

Reflected cross-site scripting (XSS) In org.keycloak:keycloak-parent

Description

Keycloak Reflected XSS It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-121582. NVD-2017-121583. OSV-2017-121584. GCVE-2017-121585. access.redhat.com6. access.redhat.com7. access.redhat.com

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=14891612. https://web.archive.org/web/20210124114020/http://www.securityfocus.com/bid/101618

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.