Description
Keycloak is vulnerable to XSS (cross-site scripting). The 'clients-registrations' endpoint does not properly sanitize user input. This vulnerability is not exploitable in the default configuration as it requires "Content-Type: application/json" in the request.
Remediation
Upgrade to the latest version of Keycloak.