Lucene search
Veracode Vulnerability DatabaseVERACODE:34889HistoryMar 31, 2022 - 6:41 a.m.
Cross-Site Scripting (XSS)
2022-03-3106:41:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.003 Low
EPSS
Percentile
70.1%
Keycloak Core is vulnerable to reflected cross-site scripting. The vulnerability exists via the POST http requests due to lack of escaping which allows a malicious attacker to inject and execute arbitrary javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| keycloak core | le | 16.1.1 | |
| keycloak core | le | 16.1.1 |
Related
hackerone
hackerone
U.S. Dept Of Defense: Reflected XSS via Keycloak on ███ [CVE-2021-20323]
2023-10-22 20:58:33
osv
osv
Cross-site Scripting in Keycloak
2022-03-26 00:00:31
CVE-2021-20323
2022-03-25 19:15:08
nuclei
nuclei
Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
2022-12-07 21:34:02
github
github
Cross-site Scripting in Keycloak
2022-03-26 00:00:31
cve
cve
CVE-2021-20323
2022-03-25 19:15:08
redhatcve
redhatcve
CVE-2021-20323
2022-01-27 13:19:35
prion
prion
Cross site scripting
2022-03-25 19:15:00
nvd
nvd
CVE-2021-20323
2022-03-25 19:15:08
cvelist
cvelist
CVE-2021-20323
2022-03-25 18:03:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Redhat Keycloak
2024-01-11 16:02:07
redhat
redhat
(RHSA-2022:0407) Important: Red Hat Single Sign-On 7.5.1 security update
2022-02-02 14:41:49