Vulnerability Details CVE-2021-3536
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.5%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2021-3536
-
cpe:2.3:a:redhat:build_of_quarkus:-
-
cpe:2.3:a:redhat:data_grid:8.0
-
cpe:2.3:a:redhat:descision_manager:7.0
-
cpe:2.3:a:redhat:integration_camel_k:-
-
cpe:2.3:a:redhat:integration_camel_quarkus:-
-
cpe:2.3:a:redhat:integration_service_registry:-
-
cpe:2.3:a:redhat:jboss_a-mq:7
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0
-
cpe:2.3:a:redhat:wildfly:-
-
cpe:2.3:a:redhat:wildfly:10.0.0
-
cpe:2.3:a:redhat:wildfly:10.1.0
-
cpe:2.3:a:redhat:wildfly:10.1.2
-
cpe:2.3:a:redhat:wildfly:11.0.0
-
cpe:2.3:a:redhat:wildfly:12.0.0
-
cpe:2.3:a:redhat:wildfly:13.0.0
-
cpe:2.3:a:redhat:wildfly:14.0.0
-
cpe:2.3:a:redhat:wildfly:14.0.1
-
cpe:2.3:a:redhat:wildfly:15.0.0
-
cpe:2.3:a:redhat:wildfly:15.0.1
-
cpe:2.3:a:redhat:wildfly:16.0.0
-
cpe:2.3:a:redhat:wildfly:17.0.0
-
cpe:2.3:a:redhat:wildfly:17.0.1
-
cpe:2.3:a:redhat:wildfly:18.0.0
-
cpe:2.3:a:redhat:wildfly:18.0.1
-
cpe:2.3:a:redhat:wildfly:19.0.0
-
cpe:2.3:a:redhat:wildfly:19.1.0
-
cpe:2.3:a:redhat:wildfly:20.0.0
-
cpe:2.3:a:redhat:wildfly:20.0.1
-
cpe:2.3:a:redhat:wildfly:21.0.0
-
cpe:2.3:a:redhat:wildfly:21.0.1
-
cpe:2.3:a:redhat:wildfly:21.0.2
-
cpe:2.3:a:redhat:wildfly:22.0.0
-
cpe:2.3:a:redhat:wildfly:22.0.1
-
cpe:2.3:a:redhat:wildfly:23.0.0
-
cpe:2.3:a:redhat:wildfly:23.0.1
-
cpe:2.3:a:redhat:wildfly:7.2.0
-
cpe:2.3:a:redhat:wildfly:7.2.3
-
cpe:2.3:a:redhat:wildfly:7.2.5
-
cpe:2.3:a:redhat:wildfly:8.0.0
-
cpe:2.3:a:redhat:wildfly:8.1.0
-
cpe:2.3:a:redhat:wildfly:8.2.0
-
cpe:2.3:a:redhat:wildfly:8.2.1
-
cpe:2.3:a:redhat:wildfly:9.0.0
-
cpe:2.3:a:redhat:wildfly:9.0.1
-
cpe:2.3:a:redhat:wildfly:9.0.2