VYPR
Medium severity6.4NVD Advisory· Published Sep 20, 2023· Updated Jun 17, 2026

CVE-2022-1438

CVE-2022-1438

Description

A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-servicesMaven
<= 21.0.0

Affected products

6
  • Red Hat/Single Sign Oncpe-rescue4 versions
    cpe:/a:redhat:red_hat_single_sign_on:7.6+ 3 more
    • cpe:/a:redhat:red_hat_single_sign_on:7.6
    • cpe:/a:redhat:red_hat_single_sign_on:7.6::el7range: 0:18.0.6-1.redhat_00001.1.el7sso
    • cpe:/a:redhat:red_hat_single_sign_on:7.6::el8range: 0:18.0.6-1.redhat_00001.1.el8sso
    • cpe:/a:redhat:red_hat_single_sign_on:7.6::el9range: 0:18.0.6-1.redhat_00001.1.el9sso
  • Red Hat/RHEL-8 based Middleware Containersv5
    cpe:/a:redhat:rhosemc:1.0::el8
    Range: 7.6-20
  • ghsa-coords
    Range: <= 21.0.0

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.