REDHAT-BUG-2355685: XSS
First published: Fri Mar 28 2025(Updated: )
The identified Stored XSS vulnerabilities in the JBoss EAP Management Console allow authenticated users with appropriate permissions to inject malicious scripts. These scripts can be stored and executed within the context of the application, potentially compromising other users who access the affected components.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2355685?
The vulnerability REDHAT-BUG-2355685 is classified as a Stored XSS vulnerability, which can allow attackers to inject scripts into the JBoss EAP Management Console.
How do I mitigate REDHAT-BUG-2355685?
To mitigate REDHAT-BUG-2355685, ensure that input validation and output encoding are implemented properly in the JBoss EAP Management Console.
Who is affected by REDHAT-BUG-2355685?
Authenticated users with the necessary permissions in the JBoss EAP Management Console are affected by REDHAT-BUG-2355685.
What can an attacker do with REDHAT-BUG-2355685?
An attacker can exploit REDHAT-BUG-2355685 to inject malicious scripts that may execute in the context of other users accessing the application.
Is there a patch for REDHAT-BUG-2355685?
Yes, Red Hat typically releases patches to address vulnerabilities like REDHAT-BUG-2355685, so check their official updates for a fix.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-2901
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/source
- agent/type
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/red hat
- canonical/red hat jboss enterprise application platform