Description
A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1847428
Related Vulnerabilities
CVE-2022-36904 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector
CVE-2022-34179 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status
CVE-2020-14366 Vulnerability in maven package org.keycloak:keycloak-services