Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow a malicious user to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
Vulnerable Product |
---|
redhat keycloak |
redhat single_sign-on |
redhat single sign-on - |
redhat openshift_container_platform 4.11 |
redhat openshift_container_platform 4.12 |
redhat openshift_container_platform_for_ibm_linuxone 4.9 |
redhat openshift_container_platform_for_ibm_linuxone 4.10 |
redhat openshift_container_platform_for_power 4.9 |
redhat openshift_container_platform_for_power 4.10 |