How severe is CVE-2022-4137?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2022-4137?

This is classified as CWE-81, which is a common weakness in software security.

CVE-2022-4137 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.

Related Vulnerabilities

CVE-2019-25027

MEDIUM

CVSS:6.1(Medium)

Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 1...

CWE-812019

CVE-2022-4361

MEDIUM

CVSS:6.1(Medium)

Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malic...

CWE-812022

CVE-2024-6892

MEDIUM

CVSS:6.1(Medium)

Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.

CWE-812024

CVE-2025-24344

MEDIUM

CVSS:6.3(Medium)

A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-sid...

CWE-812025

CVE-2025-24344

MEDIUM

CVSS:6.3(Medium)

CWE-812025

CVE-2019-25027

MEDIUM

CVSS:6.1(Medium)

CWE-812019