Description
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Remediation
References
Related Vulnerabilities
Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)
phpMyAdmin Other Vulnerability (CVE-2007-1395)
WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.10)
Dolphin Other Vulnerability (CVE-2006-4189)
PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-3823)