17 matches found
EUVD-2025-0099
Malicious code in bioql PyPI...
org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
org.jboss.hal:hal-standalone (>=3.5.0.Final <=3.7.10.Final) potentially affected by CVE-2025-2901 via org.jboss.hal:hal-console (>=3.5.0.Final <=3.7.10.Final)
org.jboss.hal:hal-console MAVEN version =3.5.0.Final, =3.5.0.Final, =3.7.10.Final Source cves: CVE-2025-2901 Source advisory: OSV:GHSA-F7JH-M6WP-JM7F...
org.jboss.hal:hal-standalone (>=3.5.0.Final <=3.7.19.Final) potentially affected by CVE-2025-23366 via org.jboss.hal:hal-console (>=3.5.0.Final <=3.7.6.Final)
org.jboss.hal:hal-console MAVEN version =3.5.0.Final, =3.5.0.Final, =3.7.19.Final Source cves: CVE-2025-23366 Source advisory: OSV:GHSA-JHVJ-F397-8W6Q...
GHSA-JHVJ-F397-8W6Q HAL Console has a Cross Site Scripting (XSS) vulnerability of user input
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
HAL Console has a Cross Site Scripting (XSS) vulnerability of user input
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jhvj-f397-8w6q. This link is maintained to preserve external references. Original Description A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes...
GHSA-5WJW-H8X5-V65M Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jhvj-f397-8w6q. This link is maintained to preserve external references. Original Description A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366 org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366 org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366
The CVE-2025-23366 issue affects the HAL Console component of WildFly, where user-controllable input is not properly neutralized before being rendered in web output, enabling Cross-Site Scripting (XSS) when authenticated as a user in the management groups SuperUser/Admin/Maintainer. Practical imp...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
org.jboss.hal:hal-standalone (>=3.5.0.Final <=3.7.19.Final) potentially affected by unknown CVE via org.jboss.hal:hal-console (>=3.5.0.Final <=3.7.6.Final)
org.jboss.hal:hal-console MAVEN version =3.5.0.Final, =3.5.0.Final, =3.7.19.Final Source cves: unknown CVE Source advisory: OSV:GHSA-64GP-R758-8PFM...
org.jboss.hal:hal-standalone (>=3.5.0.Final <=3.7.19.Final) potentially affected by CVE-2024-10234 via org.jboss.hal:hal-console (>=3.5.0.Final <=3.7.5.Final)
org.jboss.hal:hal-console MAVEN version =3.5.0.Final, =3.5.0.Final, =3.7.19.Final Source cves: CVE-2024-10234 Source advisory: SNYK:JAVA-ORGJBOSSHAL-9376930...