GHSA-755v-r4x4-qf7m — Vulnetix

GHSA-755v-r4x4-qf7m PUBLISHED CVSS 8.5 HIGH

Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown

Risk Scores

CVSS v4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Maven	org.keycloak:keycloak-core	0, 1.0-alpha-1-12062013, 1.0-alpha-2

Timeline

Nov 29, 2022 CVE Published
Mar 2, 2026 Security Advisory
Mar 13, 2026 CVE Updated

References

https://github.com/keycloak/keycloak/security/advisories/GHSA-755v-r4x4-qf7m url
https://github.com/keycloak/keycloak product
GitHub Advisory GHSA-755v-r4x4-qf7m vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-0225 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2040268 url
GitHub Advisory GHSA-fqc7-5xxc-ph7r vendor-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›