Search for vulnerabilities
Vulnerability details: VCID-bv9z-gxuw-aaas
Vulnerability ID VCID-bv9z-gxuw-aaas
Aliases CVE-2022-1274
GHSA-m4fv-gm5m-4725
GMS-2023-528
Summary HTML Injection in Keycloak Admin REST API
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 7.6 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.0058 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.0058 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.0058 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.00785 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
epss 0.01239 https://api.first.org/data/v1/epss?cve=CVE-2022-1274
cvssv3.1 5.4 https://bugzilla.redhat.com/show_bug.cgi?id=2073157
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2073157
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-m4fv-gm5m-4725
cvssv3.1 6.8 https://github.com/keycloak/keycloak
generic_textual HIGH https://github.com/keycloak/keycloak
cvssv3.1 5.4 https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
cvssv3.1 5.4 https://github.com/keycloak/keycloak/pull/16764
generic_textual MODERATE https://github.com/keycloak/keycloak/pull/16764
cvssv3.1_qr MODERATE https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
cvssv3.1 5.4 https://herolab.usd.de/security-advisories/usd-2021-0033
generic_textual MODERATE https://herolab.usd.de/security-advisories/usd-2021-0033
cvssv3 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1274
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-1274
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
https://api.first.org/data/v1/epss?cve=CVE-2022-1274
https://bugzilla.redhat.com/show_bug.cgi?id=2073157
https://github.com/keycloak/keycloak
https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
https://github.com/keycloak/keycloak/pull/16764
https://herolab.usd.de/security-advisories/usd-2021-0033
https://herolab.usd.de/security-advisories/usd-2021-0033/
cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
CVE-2022-1274 https://nvd.nist.gov/vuln/detail/CVE-2022-1274
GHSA-m4fv-gm5m-4725 https://github.com/advisories/GHSA-m4fv-gm5m-4725
GHSA-m4fv-gm5m-4725 https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1274.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2073157
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://github.com/keycloak/keycloak
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/commit/fc3c61235fa30132123c17ed8702ff7b3a672fe9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/keycloak/keycloak/pull/16764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://herolab.usd.de/security-advisories/usd-2021-0033
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1274
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-1274
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.34752
EPSS Score 0.00075
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.