CVE-2020-10748 — Cross-site Scripting in Redhat Keycloak
Severity
6.1MEDIUMNVD
EPSS
0.4%
top 42.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 16
Latest updateDec 15
Description
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages3 packages
🔴Vulnerability Details
4📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2020-10748 keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697)↗2020-05-18