Low severity · NVD Advisory · Published May 20, 2021 · Updated Aug 3, 2024
CVE-2021-3536
Description
A flaw was found in Wildfly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.wildfly:wildfly-parent (Maven) | < 23.0.2.Final | 23.0.2.Final |
Affected products: 1
Patches: 0
No patches discovered yet.
References
- github.com/advisories/GHSA-v2wx-jj66-2hp7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-3536 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_MISC, WEB)