Improper Encoding or Escaping of Output in Keycloak - CVE-2021-20323
Published: April 25, 2022 / Updated: June 29, 2026
Keycloak
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary script in the user's browser.
The vulnerability exists due to improper encoding or escaping of output in the client registration endpoint when handling a malicious POST request. A remote attacker can send a specially crafted request to execute arbitrary script in the user's browser.