CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1948001 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-05-20 13:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-3536

Mitre link : CVE-2021-3536

CVE.ORG link : CVE-2021-3536


JSON object : View

Products Affected

redhat

  • wildfly
  • jboss_a-mq
  • integration_camel_k
  • jboss_enterprise_application_platform
  • integration_service_registry
  • build_of_quarkus
  • integration_camel_quarkus
  • data_grid
  • descision_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')