GHSA-64gp-r758-8pfm

Published: 23 Dec 2024
Source: github
Github: Reviewed
CVSS4: 6.9

Description

Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment

A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server.

Impact

Cross-site scripting (XSS) vulnerability in the management console.

Patches

Fixed in HAL 3.7.7.Final

Workarounds

No workaround available

References

See also: https://issues.redhat.com/browse/WFLY-19969

Packages

Name: org.jboss.hal:hal-console (maven)
Affected versions: < 3.7.7.Final
Fixed version: 3.7.7.Final

CVSS4: 6.9 Medium

Weaknesses

CWE-1395
CWE-79
