A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
CPE | Name | Operator | Version |
---|---|---|---|
data_grid | eq | 8.0 | |
descision_manager | eq | 7.0 | |
jboss_a-mq | eq | 7 | |
jboss_enterprise_application_platform | eq | 7.0 | |
wildfly | lt | 23.0.2 |