CVE-2021-20222

HIGH

Keycloak 9.0.0-12.0.2 - Cross-Site Scripting via Referrer URL


Description

A flaw was found in Keycloak. The new account console in Keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References (1)

Issue Tracking, Vendor Advisory (x_refsource_misc)
https://bugzilla.redhat.com/show_bug.cgi?id=1924606

Scores

CVSS v3 7.5
EPSS 0.0044
EPSS Percentile 63.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-79
Status published
Products (2)
org.keycloak/keycloak-parent 9.0.0 - 12.0.3 (Maven)
redhat/keycloak 9.0.0 - 13.0.0
Published Mar 23, 2021
Tracked Since Feb 18, 2026