Description
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2005-3388)
IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-4156)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)
WordPress Plugin Admin side data storage for Contact Form 7 Cross-Site Scripting (1.1.1)