PT-2021-13833 · Red Hat · Keycloak

Amit Laish · Published 2021-05-28 · Updated 2022-08-05 · CVE-2021-20195

CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Keycloak versions prior to 13.0.0
Description: A flaw in Keycloak allows a self-stored XSS attack vector that can escalate to a complete account takeover. The cause is that user-supplied data fields are not properly encoded before client-side JavaScript code processes and renders them. The highest threat from this issue is to data confidentiality and integrity, as well as system availability.
Recommendations: For versions prior to 13.0.0, update to version 13.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of user-supplied data fields in JavaScript code until the patched version can be deployed. Restrict access to sensitive data and functions to minimize the risk of exploitation.
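The description above names the weakness class (Improper Encoding or Escaping of Output): a value a user stored in their own profile is later concatenated into markup by client-side JavaScript without being encoded. The following is an added example, not Keycloak's code; the stored attribute value, the template and the helper names are constructed for illustration.

```javascript
// Added example (not Keycloak code): an unsafe render of a user-supplied profile
// attribute beside the hardened version that applies HTML output encoding.

// Constructed sample of an attribute value a user could store in their own
// profile. It is inert text until a renderer treats it as markup.
const STORED_ATTRIBUTE = '<img src=x onerror="alert(1)">';

// Encode the characters that can terminate an HTML text or attribute context.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so any tag it contains becomes part of the page when it is displayed.
function renderUnsafe(displayName) {
  return `<span class="name">${displayName}</span>`;
}

// Hardened pattern: every user-controlled value is encoded for the HTML text
// context before it is concatenated. The browser then shows the literal text.
function renderSafe(displayName) {
  return `<span class="name">${encodeHtml(displayName)}</span>`;
}

// Check used by the assertions below: strip our own template wrapper and see
// whether anything that parses as a tag is left over from the user's value.
function containsInjectedMarkup(html) {
  const inner = html.replace(/^<span class="name">|<\/span>$/g, '');
  return /<\/?[a-z]/i.test(inner);
}

// Stand-alone run: prints true for the unsafe render and false for the safe one.
console.log(containsInjectedMarkup(renderUnsafe(STORED_ATTRIBUTE)));
console.log(containsInjectedMarkup(renderSafe(STORED_ATTRIBUTE)));
```

The same encoding step is needed for every context the value reaches (attribute values, JavaScript strings, URLs); an HTML text encoder alone is not sufficient for a value later placed inside an inline script.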

Fix · XSS · Improper Encoding or Escaping of Output · RCE

Weakness Enumeration

Related Identifiers

CVE-2021-20195
GHSA-Q6W2-89HQ-HQ27

Affected Products

Keycloak