1. Home
  2. CVE Database
  3. CVE-2021-3536
MEDIUM · 4.8

CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affe...

Vulnerability Description

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
RedhatBuild Of Quarkus-
RedhatData Grid8.0
RedhatDescision Manager7.0
RedhatIntegration Camel K-
RedhatIntegration Camel Quarkus-
RedhatIntegration Service Registry-
RedhatJboss A-Mq7
RedhatJboss Enterprise Application Platform7.0
RedhatWildfly< 23.0.2

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2021-3536?

CVE-2021-3536 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affe...

How severe is CVE-2021-3536?

CVE-2021-3536 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3536?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Build Of Quarkus, Redhat Data Grid, Redhat Descision Manager, Redhat Integration Camel K, Redhat Integration Camel Quarkus.