CVE-2020-10776 — Cross-site Scripting in Redhat Keycloak

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 49.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Keycloak

Timeline

PublishedNov 17

Latest updateFeb 9

Description

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDredhat/keycloak< 12.0.0

▶CVEListV5redhat/keycloakbefore version 12.0.0

🔴Vulnerability Details

OSV

Cross-site Scripting in keycloak↗2022-02-09

▶

GHSA

Cross-site Scripting in keycloak↗2022-02-09

▶

CVEList

CVE-2020-10776: A flaw was found in Keycloak before version 12↗2020-11-17

▶

📋Vendor Advisories

Red Hat

keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS↗2020-11-04

▶

💬Community

Bugzilla

CVE-2020-10776 keycloak: OIDC redirect_uri allows dangerous schemes resulting in potential XSS↗2020-06-16

▶