CVE-2022-4361

Name of the Vulnerable Software and Affected Versions Keycloak versions (affected versions not specified)

Description The issue is related to a cross-site scripting (XSS) vulnerability in Keycloak, an open-source identity and access management solution. This vulnerability can be exploited by setting the AssertionConsumerServiceURL value or the redirect uri, allowing an attacker to execute malicious scripts. The vulnerability is also related to the lack of filtering of a non-existent web page name when generating a 404 error page, which can lead to the execution of arbitrary scripts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.