Description
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1948001
Related Vulnerabilities
CVE-2022-41932 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2022-34202 Vulnerability in maven package com.geteasyqa:easyqa
CVE-2023-6291 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2016-6347 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2017-2600 Vulnerability in maven package org.jenkins-ci.main:jenkins-core