Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-1697 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

Description

It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697

Related Vulnerabilities

CVE-2023-25763 Vulnerability in maven package org.jenkins-ci.plugins:email-ext

CVE-2018-25050 Vulnerability in maven package org.webjars.npm:chosen-js

CVE-2021-25931 Vulnerability in maven package org.opennms:opennms-webapp

CVE-2019-10372 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-oauth

CVE-2022-4565 Vulnerability in maven package cn.hutool:hutool-core

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Issue Tracking Third Party Advisory