Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HRed Hat Enterprise Linux
OSRedhat7.08.09.0Red Hat Keycloak
APPRedhat< 21.1.2Red Hat OpenShift Container Platform
APPRedhat4.114.12Red Hat Openshift Container Platform For IBM Linuxone
APPRedhat4.104.9Red Hat Openshift Container Platform For Power
APPRedhat4.104.9Red Hat Single Sign On
APPRedhat7.6 – 7.6.4 (bez)
Related vulnerabilities
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...