Cross-Site Scripting Vulnerability in JBoss Management Console
CVE-2018-10934

5.4MEDIUM

Key Information:

Vendor
Red Hat
Status
Wildfly-core
Vendor
CVE Published:
27 March 2019

Summary

A cross-site scripting (XSS) vulnerability has been identified in the JBoss Management Console, allowing users with the ability to create objects within the application to inject malicious scripts. This exploitation could notably compromise other users with privileged roles, leading to potential unauthorized actions and data exposure. It is critical for organizations utilizing affected versions to implement the necessary updates to rectify this vulnerability and safeguard against XSS attacks.

Affected Version(s)

wildfly-core 7.1.6.CR1

wildfly-core 7.1.6.GA

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:1160
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1162
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.