Vulnerability Details CVE-2020-10748
A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2020-10748
- cpe:2.3:a:redhat:keycloak:10.0.1
- cpe:2.3:a:redhat:single_sign-on:-
- cpe:2.3:a:redhat:single_sign-on:7.0
- cpe:2.3:a:redhat:single_sign-on:7.1
- cpe:2.3:a:redhat:single_sign-on:7.2
- cpe:2.3:a:redhat:single_sign-on:7.3
- cpe:2.3:a:redhat:single_sign-on:7.3.2
- cpe:2.3:a:redhat:single_sign-on:7.3.3
- cpe:2.3:a:redhat:single_sign-on:7.3.5
- cpe:2.3:a:redhat:single_sign-on:7.4