A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1948001 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-05-20 06:15
Updated : 2021-05-26 08:02
NVD link : CVE-2021-3536
Mitre link : CVE-2021-3536
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
redhat
- wildfly
- jboss_enterprise_application_platform
- build_of_quarkus
- data_grid
- jboss_a-mq
- descision_manager
- integration_camel_k
- integration_camel_quarkus
- integration_service_registry