Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment

High
hpehl published GHSA-64gp-r758-8pfm Dec 23, 2024

Package

org.jboss.hal:hal-console (Maven)

Affected versions

< 3.7.7.Final

Patched versions

3.7.7.Final

Description

A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server.

Impact

Cross-site scripting (XSS) vulnerability in the management console.

Patches

Fixed in HAL 3.7.7.Final
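
With no workaround available, the practical check is whether a build still resolves an affected HAL release. The following is an added example, not part of the advisory or the HAL project: it scans `mvn dependency:tree` output for `org.jboss.hal:hal-console` and flags versions below 3.7.7.Final. The sample output is constructed, and treating any non-Final 3.7.7 qualifier as affected is an assumption.

```python
import re

PATCHED = (3, 7, 7)                    # advisory: patched in 3.7.7.Final
COORD = "org.jboss.hal:hal-console"    # package named in the advisory

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = """\
[INFO] com.example:mgmt-app:war:1.0.0
[INFO] +- org.jboss.hal:hal-console:jar:resources:3.7.5.Final:provided
[INFO] +- org.jboss.hal:hal-console:jar:3.7.7.Final:compile
[INFO] +- org.jboss.hal:hal-console:jar:3.7.7.Beta1:compile
[INFO] \\- org.jboss.logging:jboss-logging:jar:3.6.1.Final:compile
"""

def parse_version(v):
    """Split 'MAJOR.MINOR.MICRO[.Qualifier]' into ((major, minor, micro), qualifier)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:[.-](\w+))?", v)
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    return tuple(int(x) for x in m.groups()[:3]), m.group(4)

def is_affected(v):
    nums, qual = parse_version(v)
    if nums != PATCHED:
        return nums < PATCHED
    # Assumption: a 3.7.7 build with a qualifier other than 'Final'
    # (Beta, Alpha, ...) predates the fix, so it is flagged (fail-safe).
    return qual not in (None, "Final")

def scan_tree(text):
    # Tree entries are groupId:artifactId:type[:classifier]:version[:scope].
    findings = []
    for line in text.splitlines():
        m = re.search(re.escape(COORD) + r":\S+", line)
        if not m:
            continue
        fields = m.group(0).split(":")
        if len(fields) < 4:
            continue                   # not a full tree coordinate
        version = fields[4] if len(fields) >= 6 else fields[3]
        findings.append((version, is_affected(version)))
    return findings

if __name__ == "__main__":
    for version, affected in scan_tree(SAMPLE_TREE):
        print(f"{COORD}:{version} -> {'AFFECTED' if affected else 'ok'}")
```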

Workarounds

No workaround available

References

See also: https://issues.redhat.com/browse/WFLY-19969

Severity

High

CVE ID

CVE-2024-10234

Weaknesses

No CWEs