CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1948001 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*

History

26 May 2021, 15:02

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
CWE CWE-79
CPE cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1948001 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1948001 - Issue Tracking, Vendor Advisory

20 May 2021, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-20 13:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-3536

Mitre link : CVE-2021-3536

CVE.ORG link : CVE-2021-3536


JSON object : View

Products Affected

redhat

  • descision_manager
  • jboss_enterprise_application_platform
  • integration_camel_k
  • data_grid
  • wildfly
  • integration_service_registry
  • build_of_quarkus
  • jboss_a-mq
  • integration_camel_quarkus
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')