VDB
CVE-2022-1274
CVE-2022-1274
PUBLISHED
CVSS 5.400000095367432 MEDIUM
Reported by redhat · Published March 29, 2023
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.
Risk Scores
CVSS 3.1
5.400000095367432
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | keycloak | unknown |
| n/a | keycloak | unknown, unknown, unknown |
| Maven | org.keycloak:keycloak-core | 0, 0, 0 |
Timeline
- Feb 27, 2023 CVE Published
- Mar 30, 2023 EPSS Score
- May 7, 2023 EPSS Score
- Jun 14, 2023 EPSS Score
- Jul 23, 2023 EPSS Score
- Aug 30, 2023 EPSS Score
- Oct 7, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
- Mar 8, 2024 EPSS Score
- Apr 15, 2024 EPSS Score