CVE-2022-0225
Java vulnerability analysis and mitigation

Overview

A stored Cross-site Scripting (XSS) vulnerability was discovered in Keycloak, identified as CVE-2022-0225. The vulnerability affects all versions of Keycloak prior to 20.0.0, including version 16.0.1. The flaw allows a privileged attacker to inject a malicious payload as the group name while creating a new group from the admin console (GitHub Advisory, CVE Mitre).

Technical details

The vulnerability exists in the "Groups" dropdown functionality within the "Add user" section of the Keycloak admin console. The issue stems from improper escaping of group names, which allows for the injection of malicious scripts. The vulnerability was discovered to be exploitable through the group creation process, where an attacker could insert malicious payloads that would be triggered when viewing the groups dropdown (Red Hat Bugzilla).
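The rendering mistake described above, shown as an added example (not Keycloak's own code): a group name concatenated straight into dropdown markup is parsed as HTML, while the same name run through a context-appropriate encoder stays inert. The group records, the `findSuspiciousGroupNames` audit helper and the `<i>` tag in the sample name are constructed for illustration.

```javascript
// Added example, not Keycloak's code: unescaped vs. escaped group names in a <select>.
// All group data below is constructed test data, not taken from the advisory.

// Minimal HTML entity encoder, safe for both text and double-quoted attribute contexts.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the stored group name is spliced into markup verbatim,
// so any tag inside the name becomes part of the page when the dropdown is shown.
function renderGroupsDropdownUnsafe(groups) {
  return '<select name="group">' +
    groups.map(g => `<option value="${g.id}">${g.name}</option>`).join("") +
    "</select>";
}

// Hardened pattern: every untrusted value is encoded for the context it lands in.
function renderGroupsDropdownSafe(groups) {
  return '<select name="group">' +
    groups.map(g =>
      `<option value="${escapeHtml(g.id)}">${escapeHtml(g.name)}</option>`).join("") +
    "</select>";
}

// Hypothetical defender helper: flag already-stored group names that carry HTML
// metacharacters, e.g. when auditing a realm export from an instance that ran
// an unpatched version. Returns the ids of the groups worth a manual look.
function findSuspiciousGroupNames(groups) {
  return groups.filter(g => /[<>"'&]/.test(g.name)).map(g => g.id);
}

// Constructed sample: one ordinary group and one whose name embeds a tag.
const sampleGroups = [
  { id: "g1", name: "developers" },
  { id: "g2", name: "ops <i>team</i>" },
];

console.log(renderGroupsDropdownUnsafe(sampleGroups)); // tag survives as live markup
console.log(renderGroupsDropdownSafe(sampleGroups));   // tag rendered as literal text
console.log(findSuspiciousGroupNames(sampleGroups));   // ["g2"]
```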

Impact

Successful exploitation of this vulnerability could allow privileged attackers to execute malicious scripts in the admin console and potentially steal data from other users. The impact is considered moderate to low because privileged credentials are required for exploitation (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in Keycloak version 20.0.0. Red Hat has released several security updates to address this issue across different versions of Red Hat Single Sign-On, including versions 7.5 and 7.6. Users are advised to upgrade to the patched versions through the available security updates (Red Hat Errata).

