CRITICAL🇬🇧 English

CVE-2021-20195

CVSS 9.6v3.1pub. 2021-05-28upd. 2024-11-21

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Red Hat Keycloak

    APP
    Redhat
    < 12.0.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-4361CRITICAL10.0ten sam produkt

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerabili...

CVE-2022-3782CRITICAL9.1ten sam produkt

keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly val...

CVE-2022-1245CRITICAL9.8ten sam produkt

A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows ...

CVE-2019-14837CRITICAL9.1ten sam produkt

A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail serve...

CVE-2019-14910CRITICAL9.8ten sam produkt

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS ...