Home > Vulnerability Database > CVE-2021-20195

Mend.io Vulnerability Database

CVE-2021-20195

Good to know:

Date: May 28, 2021

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Language: Java

Severity Score

9.6

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-20195

Url: https://github.com/keycloak/keycloak/commit/87422b77aee787c6c55ca22fde31c60bcfe4c7f7

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1919143

Url: https://www.mend.io/vulnerability-database/CVE-2021-20195

Severity Score

9.6

Weakness Type (CWE)

Improper Encoding or Escaping of Output

CWE-116

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 12.0.3

Learn More

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-20195

Good to know:

Date: May 28, 2021

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?