Arbitrary HTML Injection in Keycloak's execute-actions-email Endpoint

Arbitrary HTML Injection in Keycloak's execute-actions-email Endpoint

CVE-2022-1274 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.