VDB
RHSA-2021%3A2965
RHSA-2021%3A2965
PUBLISHED
CVSS 3.5 LOW
A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.
Risk Scores
CVSS 3.1
3.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Single Sign-On 7.4.8 |
Timeline
- Jul 29, 2021 CVE Published
- Mar 18, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2021:2965 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.4 advisory
- https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/ advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1944888 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1948001 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2965.json advisory
- https://access.redhat.com/security/cve/CVE-2021-3536 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3536 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-3536 advisory
- https://access.redhat.com/security/cve/CVE-2021-21409 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-21409 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-21409 advisory
- https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32 advisory