5.2 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.3%
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.