A flaw was found in Keycloak’s data filter, in version 10.0.1, where it allowed the processing of data URLs in some circumstances. This flaw allows an attacker to conduct cross-site scripting or further attacks.
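As an added illustration (not Keycloak's code and not its fix), the sketch below contrasts a denylist check that lets `data:` URLs through with a scheme allowlist that rejects them. It assumes the filter validates URL-valued input; the function names, the allowed schemes and the sample inputs are all constructed for this example.

```javascript
// Added example: scheme allowlist for URL-valued input (hypothetical names).
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Denylist check, shown for contrast: it only knows about "javascript:",
// so every other scheme, data: included, is accepted.
function denylistAccepts(value) {
  return !/^\s*javascript:/i.test(value);
}

// Allowlist check: parse the value with the WHATWG URL parser, which
// normalises it the way a browser does (trims leading whitespace, lowercases
// the scheme, drops embedded tabs and newlines), then accept only schemes
// that are explicitly allowed.
function allowlistAccepts(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return false; // relative or unparseable input is rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Constructed sample inputs with inert content.
const SAMPLES = [
  "https://sso.example.test/realms/demo/account",
  "data:text/html,<p>constructed</p>",
  "  DaTa:text/html;base64,Y29uc3RydWN0ZWQ=", // padded, mixed-case scheme
  "da\tta:text/plain,constructed",            // tab inside the scheme
  "/relative/path",
];

// Run both checks over each sample so the difference is visible side by side.
function audit(samples) {
  return samples.map((input) => ({
    input,
    denylist: denylistAccepts(input),
    allowlist: allowlistAccepts(input),
  }));
}

console.table(audit(SAMPLES));
```

The allowlist rejects relative input as well; an application that needs relative URLs would resolve them against its own base URL and then also check the resulting host.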
CPE

| Name | Operator | Version |
|---|---|---|
| keycloak | eq | 10.0.1 |
| single_sign-on | lt | 7.4.1 |