A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1948001 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-05-20 13:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-3536
Mitre link : CVE-2021-3536
CVE.ORG link : CVE-2021-3536
JSON object : View
Products Affected
redhat
- integration_camel_k
- descision_manager
- jboss_a-mq
- data_grid
- build_of_quarkus
- integration_service_registry
- jboss_enterprise_application_platform
- integration_camel_quarkus
- wildfly
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')