A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat single sign-on - |
||
redhat keycloak |
||
redhat single_sign-on |
||
redhat openshift_container_platform 4.9 |
||
redhat openshift_container_platform 4.10 |