Keycloak Core is vulnerable to reflected cross-site scripting. The vulnerability exists via the POST http requests due to lack of escaping which allows a malicious attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
keycloak core | le | 16.1.1 | |
keycloak core | le | 16.1.1 |