Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
- https://herolab.usd.de/security-advisories/usd-2021-0033/
- https://github.com/shoucheng3/keycloak__keycloak_CVE-2022-1274_20-0-3