Stored Cross-site scripting (XSS) vulnerability in Red Hat Single Sign-On 7's Keycloak Admin Console

CVE-2022-2256 · LOW Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality.
