CVE-2021-3536 - AskarLabs CVE Database

CVE-2021-3536

Vendor N/A

Product wildfly

Weakness CWE-79 · XSS

Published May 20, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

Key dates

02Disclosure timeline

May 20, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-3536 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-23972 WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS) CVE-2024-13400 Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-40643 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker CVE-2025-47069 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2026-48228 Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters