What the vulnerability does

01Description

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

Key dates

02Disclosure timeline

March 29, 2023 CVE published
August 2, 2024 Record updated