CVE-2024-4028: Improper Input Validation
Description
A vulnerability was found in Keycloak. The issue may allow a privileged attacker to submit a malicious payload as the permission when creating items (Resources and Permissions) from the admin console. The payload is stored with the item and executes when the item is later rendered in a browser, resulting in a stored cross-site scripting (XSS) attack.
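The advisory describes the classic stored-XSS shape: a name field that nobody expected to carry markup is saved verbatim and later concatenated into HTML. The block below is an added example written for this page, not Keycloak's admin-console code; the function names, the length limit and the sample payload are constructed for illustration. It shows the two controls a practitioner would want together: validation at the input boundary (a permission name has no legitimate need for tag or attribute characters) and encoding at the output boundary, so that a missed validation path does not become script execution.

```javascript
// Added illustrative example (not Keycloak code): validating a stored,
// user-controlled name and encoding it when it is rendered.

// Constructed sample payload of the kind a stored-XSS probe would use.
// It is invented for this example, not taken from the advisory.
const SAMPLE_PAYLOAD = '<img src=x onerror="alert(1)">';

// Input validation: reject the characters that can open a tag or an
// attribute instead of trying to blacklist "dangerous" tags, which is
// the filtering approach that usually gets bypassed. The 255-character
// limit is an assumed, illustrative bound.
function isValidPermissionName(name) {
  if (typeof name !== 'string') return false;
  if (name.length === 0 || name.length > 255) return false;
  return !/[<>"'&]/.test(name);
}

// Output encoding: applied to every value inserted into HTML text or
// attribute context, whether or not it was validated on the way in.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the stored name goes straight into the markup.
function renderRowUnsafe(name) {
  return `<tr><td>${name}</td></tr>`;
}

// Hardened pattern: encode at the output boundary.
function renderRowSafe(name) {
  return `<tr><td>${escapeHtml(name)}</td></tr>`;
}

// Check helper: does the rendered cell still contain a live tag?
// Returns true when the cell content is inert text, false when a tag
// from the stored value survived into the markup.
function cellIsInert(rowHtml) {
  const m = rowHtml.match(/<td>(.*)<\/td>/);
  if (!m) return false;
  return !/<[a-zA-Z]/.test(m[1]);
}

// Demonstration when run directly.
console.log('valid name accepted:', isValidPermissionName('read-documents'));
console.log('payload rejected:', !isValidPermissionName(SAMPLE_PAYLOAD));
console.log('unsafe render inert:', cellIsInert(renderRowUnsafe(SAMPLE_PAYLOAD)));
console.log('safe render inert:', cellIsInert(renderRowSafe(SAMPLE_PAYLOAD)));
```

Validation alone is not the fix: an API path that bypasses the console form, or a later feature that relaxes the rule, would reintroduce the issue. Output encoding is what makes a stored value harmless regardless of how it got into the database, which is why both controls appear here.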
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2024-04-22T13:34:50.988Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692013a1ce2640f942c6ad4d
Added to database: 11/21/2025, 7:24:17 AM
Last updated: 11/21/2025, 7:24:26 AM
Related Threats
CVE-2024-4629: Improper Enforcement of a Single, Unique Action (Medium)
CVE-2024-6501: Uncontrolled Resource Consumption (Low)
CVE-2024-6126: Uncontrolled Resource Consumption (Low)
CVE-2024-5967: Incorrect Default Permissions (Low)
CVE-2024-5742: Improper Link Resolution Before File Access ('Link Following') (Medium)