Lucene search

PRIOn knowledge basePRION:CVE-2022-0225

HistoryAug 26, 2022 - 6:15 p.m.

Cross site scripting

2022-08-2618:15:00

PRIOn knowledge base

www.prio-n.com

keycloak

stored xss

admin console

security flaw

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.

CPENameOperatorVersion
single_sign-oneq7.0

CPE	Name	Operator	Version
	single_sign-on	eq	7.0

References

bugzilla.redhat.com/show_bug.cgi?id=2040268

github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m