Description
A flaw was found in Wildfly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects confidentiality and integrity.
A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.
Report
This flaw does not affect Red Hat CodeReady Studio 12 because it uses the Wildfly client only. The domain mode is not used.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | wildfly | Not affected | | |
| Red Hat build of Quarkus | wildfly | Fix deferred | | |
| Red Hat CodeReady Studio 12 | wildfly | Not affected | | |
| Red Hat Data Grid 8 | wildfly | Fix deferred | | |
| Red Hat Decision Manager 7 | wildfly | Not affected | | |
| Red Hat Integration Camel K 1 | wildfly | Not affected | | |
| Red Hat Integration Camel Quarkus 1 | wildfly | Not affected | | |
| Red Hat Integration Service Registry | wildfly | Not affected | | |
| Red Hat JBoss Data Grid 7 | wildfly | Out of support scope | | |
| Red Hat OpenShift Application Runtimes | wildfly | Affected | | |
Additional information
Status:
3.5 Low
CVSS3