CVE-2022-2256
N/A
N/A
Summary
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | keycloak | keycloak as shipped in Red Hat Single Sign-On 7 | affected |
Weaknesses
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=2101942
- https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2101942
- https://github.com/keycloak/keycloak/security/advisories/GHSA-w9mf-83w3-fv49
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.