Keycloak allows cross-site scripting (XSS)

GHSA-q4xq-445g-g6ch · CVE-2024-4028

Published Feb 18, 2025 · Modified Feb 4, 2026

Description

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-4028
WEB https://access.redhat.com/security/cve/CVE-2024-4028
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2276418
PACKAGE https://github.com/keycloak/keycloak

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes