Vulnerability Details CVE-2022-2256
A stored cross-site scripting (XSS) vulnerability was found in Keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console by abusing the default roles functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.2%
CVSS Severity
CVSS v3 Score 3.8
Products affected by CVE-2022-2256
- cpe:2.3:a:redhat:single_sign-on:7.0