Vulnerability Details CVE-2022-0225
A flaw was found in Keycloak. This flaw allows a privileged attacker to use a malicious payload as the group name while creating a new group from the admin console, leading to a stored cross-site scripting (XSS) attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.3%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2022-0225
- cpe:2.3:a:redhat:keycloak:-
- cpe:2.3:a:redhat:single_sign-on:7.0