Description
A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer URL. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1924606
Related Vulnerabilities
CVE-2023-29519 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2016-7103 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2023-25653 Vulnerability in npm package node-jose
CVE-2022-36900 Vulnerability in maven package com.compuware.jenkins:compuware-zadviser-api
CVE-2018-3774 Vulnerability in maven package org.webjars.npm:url-parse