vulnerability
Red Hat JBoss EAP: CVE-2021-3536: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Apr 12, 2021 | Sep 19, 2024 | Jul 2, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Apr 12, 2021
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.. A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-79
- CVE-2021-3536
- https://attackerkb.com/topics/CVE-2021-3536
- URL-https://access.redhat.com/security/cve/CVE-2021-3536
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1948001
- URL-https://access.redhat.com/errata/RHSA-2021:2692
- URL-https://access.redhat.com/errata/RHSA-2021:2693
- URL-https://access.redhat.com/errata/RHSA-2021:2694
- URL-https://access.redhat.com/errata/RHSA-2021:2696
- URL-https://access.redhat.com/errata/RHSA-2021:3656
- URL-https://access.redhat.com/errata/RHSA-2021:3658
- URL-https://access.redhat.com/errata/RHSA-2021:3660
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.