Description
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1836786