CVE-2022-1438 - CERT CVE
ID CVE-2022-1438
Sažetak A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.
Reference
CVSS
Base: 4.8
Impact: 2.7
Exploitability:1.7
Pristup
VektorSloženostAutentikacija
NETWORK LOW -
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Zadnje važnije ažuriranje 07-11-2023 - 03:41
Objavljeno 20-09-2023 - 14:15