A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

Affected Packages

Maven org.wildfly:wildfly-parent

Affected versions: 0 (fixed in 23.0.2.Final)

Related CVEs

CVE-2021-3536

Key Information

GHSA ID

GHSA-v2wx-jj66-2hp7

Published

May 25, 2021 6:45 PM

Last Modified

May 21, 2021 5:58 PM

CVSS Score

2.5 /10

Primary Ecosystem

Maven

Primary Package

org.wildfly:wildfly-parent

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.