Arbitrary HTML Injection in Keycloak's execute-actions-email Endpoint
CVE-2022-1274 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.