Search for vulnerabilities
| Vulnerability ID | VCID-675z-39ka-s3as |
| Aliases |
CVE-2020-1697
GHSA-8vf3-4w62-m3pq |
| Summary | XSS in Keycloak It was found in all keycloak versions before 9.0.0 that links to external applications (Application Links) in the admin console are not validated properly and could allow Stored XSS attacks. An authed malicious user could create URLs to trick users in other realms, and possibly conduct further attacks. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1697.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2020-1697 | ||
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1697 | ||
| https://nvd.nist.gov/vuln/detail/CVE-2020-1697 | ||
| 1791538 | https://bugzilla.redhat.com/show_bug.cgi?id=1791538 | |
| cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* | |
| cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:* | |
| GHSA-8vf3-4w62-m3pq | https://github.com/advisories/GHSA-8vf3-4w62-m3pq | |
| RHSA-2020:2252 | https://access.redhat.com/errata/RHSA-2020:2252 | |
| RHSA-2020:2905 | https://access.redhat.com/errata/RHSA-2020:2905 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.51366 |
| EPSS Score | 0.00283 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:46:04.452083+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-8vf3-4w62-m3pq/GHSA-8vf3-4w62-m3pq.json | 37.0.0 |