CVE-2021-3536

Description

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

Affected packages (2)

• Bitnami/wildflyfrom 0, < 23.0.2
• Maven/org.wildfly:wildfly-parentfrom 0, < 23.0.2.Final

CVSS scores

References (2)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-3536
• WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1948001