UNKNOWN Maven
Reflected XSS on clients-registrations endpoint
GHSA-m98g-63qj-fp8j
Published · Modified
Description
A POST-based reflected Cross-Site Scripting (XSS) vulnerability has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts in the user's browser.
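The class of defect described above, as an added example that is not Keycloak's code or its fix: an error message that copies a rejected request value into markup, shown beside a version that encodes the value first, with a regression check over constructed inputs. The class name, method names, message text and sample values are all hypothetical.

```java
import java.util.List;

public class ErrorMessageEscaping {
    private static final String PREFIX = "<p>Invalid client metadata: "; // hypothetical message
    private static final String SUFFIX = "</p>";

    /** Encodes untrusted text for HTML text and quoted-attribute contexts. */
    static String escapeHtml(String untrusted) {
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Before: the rejected request value is copied into the error as-is. */
    static String errorUnescaped(String rejected) {
        return PREFIX + rejected + SUFFIX;
    }

    /** After: the value is encoded at the point where it enters the markup. */
    static String errorEscaped(String rejected) {
        return PREFIX + escapeHtml(rejected) + SUFFIX;
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for a field of the POST body.
        List<String> samples = List.of(
            "my-client",                  // ordinary value, passes through unchanged
            "<script>alert(1)</script>",  // markup in a text context
            "\" onmouseover=\"alert(1)",  // quote that would close an attribute
            "Tom & Jerry's <app>");       // legitimate text with metacharacters
        for (String s : samples) {
            String after = errorEscaped(s);
            String reflected = after.substring(PREFIX.length(), after.length() - SUFFIX.length());
            // Regression check: no raw HTML metacharacter from the input survives.
            boolean safe = !reflected.matches(".*[<>\"'].*");
            System.out.printf("safe=%b%n  before: %s%n  after:  %s%n", safe, errorUnescaped(s), after);
            if (!safe) throw new IllegalStateException("unescaped output for: " + s);
        }
    }
}
```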
Acknowledgement
Keycloak would like to thank Quentin TEXIER (Pentester at Opencyber) for reporting this issue.