Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-20323 — Cross-site Scripting in Redhat Keycloak

Severity

6.1MEDIUMNVD

EPSS

66.1%

top 1.48%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedMar 25

Latest updateMay 3

Description

A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

GHSA

Cross-site Scripting in Keycloak↗2022-03-26

▶

OSV

Cross-site Scripting in Keycloak↗2022-03-26

▶

CVEList

CVE-2021-20323: A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak↗2022-03-25

▶

Nuclei

Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting

▶

Red Hat

keycloak-services: POST based reflected Cross Site Scripting vulnerability↗2021-10-14

▶

HackerOne

Reflected XSS via Keycloak on ███ [CVE-2021-20323]↗2024-05-03

▶