GHSA-xpgc-j48j-jwv9

Suggest an improvement
Source
https://github.com/advisories/GHSA-xpgc-j48j-jwv9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-xpgc-j48j-jwv9/GHSA-xpgc-j48j-jwv9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xpgc-j48j-jwv9
Aliases
Published
2022-03-26T00:00:31Z
Modified
2023-11-08T04:04:37.052063Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-site Scripting in Keycloak
Details

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak version 15. The issue was fixed in version 17.0.0.

References

Affected packages

Maven / org.keycloak:keycloak-core

Package

Name
org.keycloak:keycloak-core
View open source insights on deps.dev
Purl
pkg:maven/org.keycloak/keycloak-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15.0.0
Fixed
17.0.0

Affected versions

15.*

15.0.0
15.0.1
15.0.2
15.1.0
15.1.1

16.*

16.0.0
16.1.0
16.1.1