We received the below Vulnerability Alert about Keycloak.
We need to know if the version of Keycloak delivered with DevTest 10.6 is affected by this.
Vulnerability Finding ID: VUF-22995229
Vulnerability Finding Name: Red Hat Keycloak New Account Console Referrer URL Reflected XSS
Discussion: Red Hat Keycloak New Account Console Referrer URL Reflected XSS. Red Hat Keycloak contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the new account console does not properly sanitize input to the referrer URL before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that executes arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
CVSS Score: 4.3
Product: Red Hat [Keycloak (12.0.2)]
CA Service Virtualization