Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02NGdwLXI3NTgtOHBmbc4ABCrX
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server.
Impact
Cross-site scripting (XSS) vulnerability in the management console.
Patches
Fixed in HAL 3.7.7.Final
Workarounds
No workaround available
References
See also: https://issues.redhat.com/browse/WFLY-19969
Permalink: https://github.com/advisories/GHSA-64gp-r758-8pfmJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02NGdwLXI3NTgtOHBmbc4ABCrX
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
Identifiers: GHSA-64gp-r758-8pfm
References:
- https://github.com/hal/console/security/advisories/GHSA-64gp-r758-8pfm
- https://github.com/hal/console/releases/tag/v3.7.7
- https://issues.redhat.com/browse/WFLY-19969
- https://github.com/advisories/GHSA-64gp-r758-8pfm
Blast Radius: 0.0
Affected Packages
maven:org.jboss.hal:hal-console
Dependent packages: 9Dependent repositories: 43
Downloads:
Affected Version Ranges: < 3.7.7.Final
Fixed in: 3.7.7.Final
All affected versions:
All unaffected versions: