A flaw was found in the mod_proxy_cluster in the Apache server. A malicious user can add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting vulnerability. by adding a script on the alias parameter on the URL it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low as the cluster_manager URL should NOT be exposed outside and protected by user/password.
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2024:1317 https://access.redhat.com/errata/RHSA-2024:1317
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2024:1316 https://access.redhat.com/errata/RHSA-2024:1316
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2387 https://access.redhat.com/errata/RHSA-2024:2387