CVE-2021-20323

Name of the Vulnerable Software and Affected Versions Keycloak versions prior to 17.0.0

Description A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak. The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to execute arbitrary code. The vulnerability can be exploited via a reflected XSS attack.

Recommendations For Keycloak versions prior to 17.0.0, update to version 17.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable API endpoints until a patch is available. Avoid using the Content-Type header with the value application/json in the affected API endpoint until the issue is resolved.