Keycloak-core: stored xss in keycloak when creating a items in admin console

A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

输入验证不恰当

Keycloak 输入验证错误漏洞

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在输入验证错误漏洞，该漏洞源于管理员创建资源时对恶意有效载荷处理不当，会导致存储型跨站脚本攻击。

N/A

N/A