Vulnerability details: VCID-8cmx-d3j7-vqbz
Vulnerability ID VCID-8cmx-d3j7-vqbz
Aliases GHSA-m98g-63qj-fp8j
GMS-2022-1097
Summary Reflected XSS on clients-registrations endpoint. A POST-based reflected cross-site scripting (XSS) vulnerability has been identified in Keycloak. When a malicious request is sent to the client registration endpoint, the error message is not properly escaped, allowing an attacker to execute malicious scripts in the user's browser.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:54.206944+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-parent/GMS-2022-1097.yml 38.0.0