CVE-2021-3536

2021-05-2013:15:07

Google

osv.dev

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.0%

JSON

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

CPENameOperatorVersion
wildflyeq17.0.0.Final
wildflyeq10.0.0.Alpha4
wildflyeq7.0.0.Final-prerelease2
wildflyeq16.0.0.Final
wildflyeq7.1.1.Final
wildflyeq7.0.0.Alpha1-final
wildflyeq19.0.0.Beta1
wildflyeq7.1.0.Beta1
wildflyeq12.0.0.Final
wildflyeq23.0.0.Beta1

Name	Operator	Version
wildfly	eq	17.0.0.Final
wildfly	eq	10.0.0.Alpha4
wildfly	eq	7.0.0.Final-prerelease2
wildfly	eq	16.0.0.Final
wildfly	eq	7.1.1.Final
wildfly	eq	7.0.0.Alpha1-final
wildfly	eq	19.0.0.Beta1
wildfly	eq	7.1.0.Beta1
wildfly	eq	12.0.0.Final
wildfly	eq	23.0.0.Beta1