⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2024-10234

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
7.3HIGH
EPSS
0.6%
top 31.79%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Redhat Jboss Enterprise Application Platform
Timeline
PublishedOct 22

Description

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w22f-vwwp-37pr: A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system2024-10-22
CVEList
Wildfly: wildfly vulnerable to cross-site scripting (xss)2024-10-22

📋Vendor Advisories

1
Red Hat
wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)2024-10-22
CVE-2024-10234 (HIGH CVSS 7.3) | A vulnerability was found in Wildfl | cvebase.io