GHSA-hp88-hfjw-2hg4: Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store

March 28, 2025 (updated May 6, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references.

Original Description

A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.

References

Code Behaviors & Features

Detect and mitigate GHSA-hp88-hfjw-2hg4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →