CVE-2022-4137 in Keycloak
Summary
by MITRE • 09/25/2023
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing them to be changed or collected by an attacker.