4 matches found
CVE-2025-23366
The CVE-2025-23366 issue affects the HAL Console component of WildFly, where user-controllable input is not properly neutralized before being rendered in web output, enabling Cross-Site Scripting (XSS) when authenticated as a user in the management groups SuperUser/Admin/Maintainer. Practical imp...
CVE-2025-23366 Org.jboss.hal:hal-console: wildfly hal console cross-site scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366 Org.jboss.hal:hal-console: wildfly hal console cross-site scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...