CVE-2021-20222

CVSS v3.1 7.5 (High)

CVSS v2.0 5.1 (Medium)

EPSS 0.17 % (54^th)

Affected Products 1

Advisories 2

A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Weaknesses

CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-03-23 17:15:13
(3 years ago)
Updated Date: 2022-10-21 20:11:47
(23 months ago)

Affected Products

Redhat

Keycloak

Configuration #1

		CPE23	From	Up To
	Redhat Keycloak from 9.0.0 version and prior 13.0.0 version	cpe:2.3:a:redhat:keycloak	>= 9.0.0	< 13.0.0