CVE-2021-20323

Description

Keycloak before 18.0.0 and after 10.0.0 contains a reflected XSS on the clients-registrations endpoint. The bug is triggered by sending, via POST, a JSON structure containing a key that is not a parameter name supported by the endpoint. The response reflects the JSON key in an error message and is sent with the header Content-Type: text/html. When execu
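
The behaviour described above, modelled as an added example (not Keycloak's code and not part of the original page): an error handler that echoes an unsupported JSON key as text/html, next to a corrected handler, plus a check a defender can run against a captured response. The function names, the supported-parameter set, the error message text and the benign marker are all assumptions made for this example.

```python
import html
import json

# Constructed sample values: the supported parameter names, the error text and
# the benign markup marker are assumptions, not taken from Keycloak.
SUPPORTED = {"clientId", "redirectUris"}
MARKER = "<b>probe</b>"

def unsupported_keys(body, supported=SUPPORTED):
    """Return the top-level JSON keys the endpoint does not support."""
    return [k for k in json.loads(body) if k not in supported]

def error_reflecting(key):
    """Behaviour the description reports: raw key echoed, served as text/html."""
    return {"status": 400,
            "headers": {"Content-Type": "text/html"},
            "body": 'Unrecognized field "%s"' % key}

def error_hardened(key):
    """Corrected form: JSON error body, nosniff, and the key HTML-escaped."""
    return {"status": 400,
            "headers": {"Content-Type": "application/json",
                        "X-Content-Type-Options": "nosniff"},
            "body": json.dumps({"error": "invalid_request",
                                "error_description":
                                    "Unrecognized field: " + html.escape(key)})}

def renders_reflected_markup(response, marker=MARKER):
    """True when a browser would parse the reflected marker as HTML."""
    ctype = response["headers"].get("Content-Type", "")
    ctype = ctype.split(";")[0].strip().lower()
    return ctype == "text/html" and marker in response["body"]

if __name__ == "__main__":
    request_body = json.dumps({"clientId": "demo", MARKER: 1})
    for key in unsupported_keys(request_body):
        for build in (error_reflecting, error_hardened):
            resp = build(key)
            print(build.__name__, resp["headers"]["Content-Type"],
                  "renders markup:", renders_reflected_markup(resp))
```

The same check applies to a response captured from a test instance: an error body served as text/html that contains the unescaped key indicates the reflecting behaviour.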