GHSA-64gp-r758-8pfm: Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment

December 23, 2024

A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server.

References

github.com/advisories/GHSA-64gp-r758-8pfm
github.com/hal/console
github.com/hal/console/releases/tag/v3.7.7
github.com/hal/console/security/advisories/GHSA-64gp-r758-8pfm
issues.redhat.com/browse/WFLY-19969

Detect and mitigate GHSA-64gp-r758-8pfm with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →