Red Hat · Keycloak · CVE-2022-4361
**Name of the Vulnerable Software and Affected Versions**
Keycloak versions (affected versions not specified)
**Description**
Keycloak, an open-source identity and access management solution, is affected by a cross-site scripting (XSS) vulnerability. It can be exploited by setting the `AssertionConsumerServiceURL` value or the `redirect_uri`, which allows an attacker to execute malicious scripts. The vulnerability is also related to the lack of filtering of the name of a non-existent web page when a 404 error page is generated, which can lead to the execution of arbitrary scripts.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
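Both inputs named in the description are attacker-influenced values that end up in a response. The sketch below is an added example, not Keycloak code and not part of this advisory: it accepts an `AssertionConsumerServiceURL` or `redirect_uri` only on an exact match with a pre-registered http(s) URL, and HTML-escapes a requested page name before it goes into a 404 body. The function names, the registered URLs and the http(s)-only policy are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: only plain web URLs are legitimate callback targets.
ALLOWED_SCHEMES = {"https", "http"}

# Constructed sample registrations (hypothetical service provider and client).
REGISTERED = frozenset({
    "https://sp.example.test/saml/acs",
    "https://app.example.test/callback",
})


def is_safe_callback_url(candidate, registered=REGISTERED):
    """Accept an AssertionConsumerServiceURL / redirect_uri value only if it is
    a well-formed http(s) URL that exactly matches a registered one."""
    # Reject whitespace and control characters before parsing, so the value
    # checked here is byte-for-byte the value that will later be emitted.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    # Exact match only: no prefix, wildcard or substring comparison.
    return candidate in registered


def render_not_found(requested_path):
    """Build a 404 body with the requested page name HTML-escaped."""
    safe = html.escape(requested_path, quote=True)
    return "<h1>404 Not Found</h1><p>No such page: {}</p>".format(safe)


if __name__ == "__main__":
    # Constructed inputs: one registered URL, then values that must be refused.
    for url in ("https://sp.example.test/saml/acs",
                "https://other.example.test/saml/acs",
                "javascript:void(0)",
                "https://app.example.test/callback\n"):
        print(repr(url), is_safe_callback_url(url))
    print(render_not_found('/missing"><b>name</b>'))
```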