PT-2021-20899 · Red Hat · Wildfly

Damian Bury

Published 2021-05-20 · Updated 2024-03-06

CVE-2021-3536

CVSS v3.1: 3.8 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 23.0.2.Final
Description: A flaw was found in Wildfly: when a new role is created in domain mode through the admin console, a payload entered in the name field is not neutralized, resulting in cross-site scripting (XSS). This affects confidentiality and integrity.
Recommendations: For versions prior to 23.0.2.Final, update to version 23.0.2.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the admin console to minimize the risk of exploitation. Avoid using the name field in the role creation process until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-WILDFLY-2021-3536
CVE-2021-3536
GHSA-V2WX-JJ66-2HP7
RHSA-2021:2692
RHSA-2021:2693
RHSA-2021:2694
RHSA-2021:3656
RHSA-2021:3658

Affected Products

Wildfly