Описание
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.
Меры по смягчению последствий
Currently, no mitigation is available for this vulnerability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.jboss.hal-hal-parent | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7.4.23 | org.jboss.hal-hal-parent | Fixed | RHSA-2025:10931 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-activemq-artemis | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-apache-cxf | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-artemis-native | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-elytron-web | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-glassfish-jsf | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-hal-console | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-hibernate-validator | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-ironjacamar | Fixed | RHSA-2025:10925 | 14.07.2025 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2355685org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console
4.6 Medium
CVSS3
Связанные уязвимости
nvd
6 месяцев назад
Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234.
CVSS3: 4.6
github
4 месяца назад
HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
4.6 Medium
CVSS3