PT-2023-5051 · Red Hat · Keycloak

Mulliken · Published 2023-02-27 · Updated 2023-09-25 · CVE-2022-1438

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:H/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)

Description: A flaw was found in Keycloak where, under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a cross-site scripting (XSS) vulnerability. An attacker can exploit this issue to conduct a cross-site scripting attack. The vulnerability is related to insufficient protection measures for the web page structure.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-05596
CVE-2022-1438
GHSA-W354-2F3C-QVG9
RHSA-2023:1043
RHSA-2023:1044
RHSA-2023:1045

Affected Products

Keycloak