CVE-2022-4137
CVE-2022-4137 is a reflected XSS in Keycloak’s oob OAuth endpoint caused by incorrect null-byte handling. A malicious link can insert an arbitrary URI into a Keycloak error page, and exploitation requires user interaction, potentially compromising user details. Connected sources identify this vul...