Reflected Cross-site Scripting (XSS)

🗓️ 27 Oct 2017 01:24:27Reported by Veracode Vulnerability DatabaseType

Keycloak services vulnerable to reflected cross-site scripting attack

Reporter	Title	Published	Views	Family All 31
Chainguard	CVE-2017-12158 vulnerabilities	12 Jan 202601:24	–	cgr
CNVD	Red Hat Keycloak Cross-Site Scripting Vulnerability	27 Oct 201700:00	–	cnvd
CVE	CVE-2017-12158	26 Oct 201717:00	–	cve
Cvelist	CVE-2017-12158	26 Oct 201717:00	–	cvelist
EUVD	EUVD-2022-5267	3 Oct 202520:07	–	euvd
Github Security Blog	Keycloak Reflected XSS	13 May 202201:38	–	github
NVD	CVE-2017-12158	26 Oct 201717:29	–	nvd
OSV	CGA-4W2C-V5HW-5V5C	6 Jun 202412:22	–	osv
OSV	CGA-V4RP-X7W9-P25F	12 Jan 202601:07	–	osv
OSV	CLEANSTART-2026-FA60324 It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session	15 Apr 202600:42	–	osv

Vulners

Node

rh-sso7-keycloak rh-sso7-keycloakMatch2.5.10_1.final_redhat_1.1.jbcs.el6

rh-sso7-keycloak rh-sso7-keycloakMatch2.5.5_2.final_redhat_1.1.jbcs.el6

rh-sso7-keycloak rh-sso7-keycloakMatch2.4.0_4.final_redhat_1.1.jbcs.el6

rh-sso7-keycloak rh-sso7-keycloakMatch2.5.7_1.final_redhat_2.1.jbcs.el6

rh-sso7-keycloak rh-sso7-keycloakMatch2.5.7_1.final_redhat_2.1.jbcs.el7

rh-sso7-keycloak rh-sso7-keycloakMatch2.5.10_1.final_redhat_1.1.jbcs.el7

rh-sso7-keycloak rh-sso7-keycloakMatch2.4.0_4.final_redhat_1.1.jbcs.el7

rh-sso7-keycloak rh-sso7-keycloakMatch2.5.5_2.final_redhat_1.1.jbcs.el7

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/keycloak/keycloak/commit/d9ffc4fa211bbf2aae49449cb58e02b6ea8cd299
securityfocus	www.securityfocus.com/bid/101618
access	www.access.redhat.com/errata/RHSA-2017:2904
access	www.access.redhat.com/errata/RHSA-2017:2905
access	www.access.redhat.com/errata/RHSA-2017:2906
issues	www.issues.jboss.org/browse/KEYCLOAK-5225

10 Oct 2019 03:05Current

5.7Medium risk

Vulners AI Score5.7

CVSS 23.5

CVSS 35.4

EPSS0.00483