Description
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=2073157
https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
https://herolab.usd.de/security-advisories/usd-2021-0033/
Related Vulnerabilities
CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2022-44729 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge
CVE-2022-4640 Vulnerability in maven package net.mingsoft:ms-mcms
CVE-2022-34786 Vulnerability in maven package org.jenkins-ci.plugins:rich-text-publisher-plugin
CVE-2021-39235 Vulnerability in maven package org.apache.ozone:ozone-main