WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1697 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

Description

It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

Related Vulnerabilities

CVE-2019-14653 Vulnerability in npm package editor.md

CVE-2019-1003054 Vulnerability in maven package info.bluefloyd.jenkins:jenkins-jira-issue-updater

CVE-2023-26056 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-macro-context

CVE-2022-23812 Vulnerability in npm package node-ipc

CVE-2019-20364 Vulnerability in maven package org.igniterealtime.openfire:xmppserver

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Issue Tracking Third Party Advisory