Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow a malicious user to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
Vulnerable Product |
---|
redhat keycloak |
redhat single sign-on |
redhat single sign-on - |
redhat openshift container platform 4.11 |
redhat openshift container platform 4.12 |
redhat openshift container platform for ibm linuxone 4.9 |
redhat openshift container platform for ibm linuxone 4.10 |
redhat openshift container platform for power 4.9 |
redhat openshift container platform for power 4.10 |