CVE-2020-10776

CVSS v3.1 4.8 (Medium)

CVSS v2.0 3.5 (Low)

EPSS 0.05 % (24^th)

Affected Products 1

Advisories 1

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2020-11-17 02:15:11
(3 years ago)
Updated Date: 2020-11-27 14:39:55
(3 years ago)

Affected Products

Redhat

Keycloak

Configuration #1

		CPE23	From	Up To
	Redhat Keycloak prior 12.0.0 version	cpe:2.3:a:redhat:keycloak		< 12.0.0