GHSA-jhvj-f397-8w6q
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jhvj-f397-8w6q
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-jhvj-f397-8w6q/GHSA-jhvj-f397-8w6q.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jhvj-f397-8w6q
- Aliases
-
- CVE-2025-23366
- Published
- 2025-01-16T19:05:39Z
- Modified
- 2025-01-16T19:12:13.107021Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- HAL Console has a Cross Site Scripting (XSS) vulnerability of user input
- Details
-
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.
Impact
Cross-site scripting (XSS) vulnerability in the management console.
Patches
Fixed in HAL 3.7.7.Final
Workarounds
No workaround available
References
- https://access.redhat.com/security/cve/CVE-2025-23366
- https://bugzilla.redhat.com/show_bug.cgi?id=2337619
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2025-01-16T19:05:39Z", "nvd_published_at": null, "severity": "MODERATE", "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Maven / org.jboss.hal:hal-console
Package
- Name
- org.jboss.hal:hal-console
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.hal/hal-console
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.7.7.Final
Affected versions
3.*
3.5.0.Final
3.5.1.Final
3.5.2.Final
3.5.3.Final
3.5.4.Final
3.5.5.Final
3.5.6.Final
3.5.7.Final
3.5.8.Final
3.5.9.Final
3.5.10.Final
3.5.11.Final
3.5.12.Final
3.6.0.Final
3.6.1.Final
3.6.2.Final
3.6.3.Final
3.6.4.Final
3.6.5.Final
3.6.6.Final
3.6.7.Final
3.6.8.Final
3.6.9.Final
3.6.10.Final
3.6.11.Final
3.6.12.Final
3.6.13.Final
3.6.14.Final
3.6.15.Final
3.6.16.Final
3.6.17.Final
3.6.18.Final
3.6.19.Final
3.6.20.Final
3.6.21.Final
3.7.0.Final
3.7.4.Final
3.7.5.Final
3.7.6.Final