11 matches found
org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
org.jboss.hal:hal-console: Wildfly HAL Console Cross-Site Scripting
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
GHSA-JHVJ-F397-8W6Q HAL Console has a Cross Site Scripting (XSS) vulnerability of user input
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
Cross-site Scripting (XSS)
Overview org.jboss.hal:hal-core is a Core HAL API. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper neutralization of user-controllable input before it is placed in output that is served as a web page. An attacker can execute arbitrary script in the...
GHSA-5WJW-H8X5-V65M Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jhvj-f397-8w6q. This link is maintained to preserve external references. Original Description A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
CVE-2025-23366
The CVE-2025-23366 issue affects the HAL Console component of WildFly, where user-controllable input is not properly neutralized before being rendered in web output, enabling Cross-Site Scripting (XSS) when authenticated as a user in the management groups SuperUser/Admin/Maintainer. Practical imp...
PT-2025-4864
Name of the Vulnerable Software and Affected Versions Wildfly component versions prior to HAL 3.7.7.Final Description A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a...