A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 15 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 15 Jan 2025 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 14 Jan 2025 17:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.
Title Org.jboss.hal:hal-console: wildfly hal console cross-site scripting
First Time appeared Redhat
Redhat jboss Data Grid
Redhat jboss Enterprise Application Platform
Redhat jbosseapxp
Weaknesses CWE-79
CPEs cpe:/a:redhat:jboss_data_grid:7
cpe:/a:redhat:jboss_enterprise_application_platform:7
cpe:/a:redhat:jboss_enterprise_application_platform:8
cpe:/a:redhat:jbosseapxp
Vendors & Products Redhat
Redhat jboss Data Grid
Redhat jboss Enterprise Application Platform
Redhat jbosseapxp
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-23T05:15:01.071Z

Reserved: 2025-01-14T15:23:42.645Z

Link: CVE-2025-23366

cve-icon Vulnrichment

Updated: 2025-01-15T15:00:48.978Z

cve-icon NVD

Status : Received

Published: 2025-01-14T18:16:06.290

Modified: 2025-01-14T18:16:06.290

Link: CVE-2025-23366

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-01-14T00:00:00Z

Links: CVE-2025-23366 - Bugzilla

cve-icon OpenCVE Enrichment

No data.