Cross-Site Scripting Vulnerability in JBoss Management Console
CVE-2018-10934

5.4MEDIUM

Key Information:

Vendor

Red Hat
Status
Wildfly-core
Vendor
CVE Published:
27 March 2019

What is CVE-2018-10934?

A cross-site scripting (XSS) vulnerability has been identified in the JBoss Management Console, allowing users with the ability to create objects within the application to inject malicious scripts. This exploitation could notably compromise other users with privileged roles, leading to potential unauthorized actions and data exposure. It is critical for organizations utilizing affected versions to implement the necessary updates to rectify this vulnerability and safeguard against XSS attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wildfly-core 7.1.6.CR1

wildfly-core 7.1.6.GA

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:1160
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1162
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.