API Security Blog

Keycloak Cross-site Scripting on OpenID Connect login service

A reflected cross-site scripting (XSS) vulnerability was found in the `oob` OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page.
