CVE-2021-3536
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
20/05/2021
Last modified:
26/05/2021
Description
A flaw was found in Wildfly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:* | | 23.0.2 (excluding) |