Description
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Build of Keycloak | org.wildfly.core/wildfly-core-management-subsystem | Will not fix | ||
| Red Hat Fuse 7 | org.wildfly.core/wildfly-core-management-subsystem | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | org.wildfly.core/wildfly-core-management-subsystem | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.wildfly.core/wildfly-core-management-subsystem | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7.4.23 | org.wildfly.core/wildfly-core-management-subsystem | Fixed | RHSA-2025:10931 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-activemq-artemis | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-apache-cxf | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-artemis-native | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-elytron-web | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-glassfish-jsf | Fixed | RHSA-2025:10925 | 14.07.2025 |
Additional information
Status:
EPSS
6.1 Medium
CVSS3