A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1919143 | Issue Tracking Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1919143 | Issue Tracking Vendor Advisory |
Configurations
History
21 Nov 2024, 05:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1919143 - Issue Tracking, Vendor Advisory |
Information
Published : 2021-05-28 11:15
Updated : 2024-11-21 05:46
NVD link : CVE-2021-20195
Mitre link : CVE-2021-20195
CVE.ORG link : CVE-2021-20195
JSON object : View
Products Affected
redhat
- keycloak