What the vulnerability does
01Description
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
CVSS base score
—
Key dates
02Disclosure timeline
November 17, 2020
CVE published
August 4, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2020-24443 Reflected Cross-Site Scripting (XSS) in Adobe Connect
CVE-2024-37360 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10886 Tribute Testimonials – WordPress Testimonial Grid/Slider <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2023-7315 Nagios XI < 5.11.3 XSS via Graph Explorer
CVE-2023-25837 BUG-000133088 - ArcGIS Enterprise site builder is subject to stored XSS.
