Description
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=2073157
https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
https://herolab.usd.de/security-advisories/usd-2021-0033/
Related Vulnerabilities
CVE-2023-25572 Vulnerability in maven package org.webjars.npm:ra-ui-materialui
CVE-2012-3536 Vulnerability in maven package org.apache.james.hupa:hupa-server
CVE-2020-7020 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2022-25892 Vulnerability in npm package hummus
CVE-2022-23620 Vulnerability in maven package org.xwiki.platform:xwiki-platform-skin-skinx