GHSA-f7jh-m6wp-jm7f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-f7jh-m6wp-jm7f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-f7jh-m6wp-jm7f/GHSA-f7jh-m6wp-jm7f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-f7jh-m6wp-jm7f
- Aliases
-
- CVE-2025-2901
- Published
- 2025-05-06T18:51:27Z
- Modified
- 2025-05-06T19:27:24.291830Z
- Severity
-
- 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
- Details
-
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.
Impact
Cross-site scripting (XSS) vulnerability in the management console.
Patches
Fixed in HAL 3.7.11.Final
Workarounds
No workaround available
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-05-06T18:51:27Z" }- References
-
- https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f
- https://nvd.nist.gov/vuln/detail/CVE-2025-2901
- https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52
- https://access.redhat.com/security/cve/CVE-2025-2901
- https://bugzilla.redhat.com/show_bug.cgi?id=2355685
- https://github.com/hal/console
- https://github.com/hal/console/releases/tag/v3.7.11
Affected packages
Maven / org.jboss.hal:hal-console
Package
- Name
- org.jboss.hal:hal-console
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.hal/hal-console
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.7.11.Final
Affected versions
3.*
3.5.0.Final
3.5.1.Final
3.5.2.Final
3.5.3.Final
3.5.4.Final
3.5.5.Final
3.5.6.Final
3.5.7.Final
3.5.8.Final
3.5.9.Final
3.5.10.Final
3.5.11.Final
3.5.12.Final
3.6.0.Final
3.6.1.Final
3.6.2.Final
3.6.3.Final
3.6.4.Final
3.6.5.Final
3.6.6.Final
3.6.7.Final
3.6.8.Final
3.6.9.Final
3.6.10.Final
3.6.11.Final
3.6.12.Final
3.6.13.Final
3.6.14.Final
3.6.15.Final
3.6.16.Final
3.6.17.Final
3.6.18.Final
3.6.19.Final
3.6.20.Final
3.6.21.Final
3.6.22.Final
3.6.23.Final
3.7.0.Final
3.7.4.Final
3.7.5.Final
3.7.6.Final
3.7.7.Final
3.7.8.Final
3.7.9.Final
3.7.10.Final