Description
Keycloak is vulnerable to cross-site scripting (XSS): the 'clients-registrations' endpoint does not properly sanitize user input. The vulnerability is not exploitable in the default configuration, as it requires "Content-Type: application/json" in the request.
Remediation
Upgrade to the latest version of Keycloak.