org.keycloak:keycloak-themes@15.1.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-themes package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the `oob` OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. How to fix Cross-site Scripting (XSS)? Upgrade `org.keycloak:keycloak-themes` to version 21.0.0 or higher.	[,21.0.0)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `execute-actions-email` endpoint in the admin REST API. Users can inject HTML into emails sent to other users. How to fix Cross-site Scripting (XSS)? Upgrade `org.keycloak:keycloak-themes` to version 20.0.4 or higher.	[,20.0.4)
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.keycloak:keycloak-themes` to version 19.0.2 or higher.	[,19.0.2)