Launch Week Day 1: Announcing Security Design Review
Start for Free
MEDIUM 6.1 Maven

Cross-site Scripting in Keycloak

GHSA-hgpg-593r-hhvp · CVE-2020-10748

Published · Modified

Description

A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes