Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Package
Affected versions
< 3.7.7.Final
Patched versions
3.7.7.Final
Description
Published to the GitHub Advisory Database
Dec 23, 2024
Reviewed
Dec 23, 2024
Last updated
Dec 23, 2024
A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server.
Impact
Cross-site scripting (XSS) vulnerability in the management console.
Patches
Fixed in HAL 3.7.7.Final
Workarounds
No workaround available
References
See also: https://issues.redhat.com/browse/WFLY-19969
References