2320848 – (CVE-2024-10234) CVE-2024-10234 wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)

Bug 2320848 (CVE-2024-10234) - CVE-2024-10234 wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)

Summary: CVE-2024-10234 wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)

Keywords:
Status:	NEW
Alias:	CVE-2024-10234
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-22 01:52 UTC by OSIDB Bzimport
Modified:	2025-09-17 18:53 UTC (History)
CC List:	48 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:10924	None	None	None	2025-07-14 15:55:46 UTC
Red Hat Product Errata	RHSA-2025:10925	None	None	None	2025-07-14 15:54:58 UTC
Red Hat Product Errata	RHSA-2025:10926	None	None	None	2025-07-14 15:54:18 UTC
Red Hat Product Errata	RHSA-2025:10931	None	None	None	2025-07-14 16:21:27 UTC
Red Hat Product Errata	RHSA-2025:11636	None	None	None	2025-07-23 15:25:00 UTC
Red Hat Product Errata	RHSA-2025:11638	None	None	None	2025-07-23 15:25:46 UTC
Red Hat Product Errata	RHSA-2025:11639	None	None	None	2025-07-23 15:22:32 UTC
Red Hat Product Errata	RHSA-2025:11640	None	None	None	2025-07-23 15:23:40 UTC
Red Hat Product Errata	RHSA-2025:11645	None	None	None	2025-07-23 15:31:29 UTC
Red Hat Product Errata	RHSA-2025:2025	None	None	None	2025-03-03 11:04:21 UTC
Red Hat Product Errata	RHSA-2025:2026	None	None	None	2025-03-03 11:04:36 UTC
Red Hat Product Errata	RHSA-2025:2029	None	None	None	2025-03-03 11:12:10 UTC

Description OSIDB Bzimport 2024-10-22 01:52:24 UTC

A vulnerability was found in Wildfly. A user may perform cross-site scripting in Wildfly deployment system. An attacker (or insider) may execute a deploy with a malicious payload which could trigger an undesired behavior against the server.

Comment 2 errata-xmlrpc 2025-03-03 11:04:18 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8

Via RHSA-2025:2025 https://access.redhat.com/errata/RHSA-2025:2025

Comment 3 errata-xmlrpc 2025-03-03 11:04:33 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9

Via RHSA-2025:2026 https://access.redhat.com/errata/RHSA-2025:2026

Comment 4 errata-xmlrpc 2025-03-03 11:12:07 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2025:2029 https://access.redhat.com/errata/RHSA-2025:2029

Comment 6 errata-xmlrpc 2025-07-14 15:54:14 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9

Via RHSA-2025:10926 https://access.redhat.com/errata/RHSA-2025:10926

Comment 7 errata-xmlrpc 2025-07-14 15:54:53 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8

Via RHSA-2025:10925 https://access.redhat.com/errata/RHSA-2025:10925

Comment 8 errata-xmlrpc 2025-07-14 15:55:41 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7

Via RHSA-2025:10924 https://access.redhat.com/errata/RHSA-2025:10924

Comment 9 errata-xmlrpc 2025-07-14 16:21:23 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.4.23

Via RHSA-2025:10931 https://access.redhat.com/errata/RHSA-2025:10931

Comment 10 errata-xmlrpc 2025-07-23 15:22:28 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 8

Via RHSA-2025:11639 https://access.redhat.com/errata/RHSA-2025:11639

Comment 11 errata-xmlrpc 2025-07-23 15:23:36 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 9

Via RHSA-2025:11640 https://access.redhat.com/errata/RHSA-2025:11640

Comment 12 errata-xmlrpc 2025-07-23 15:24:56 UTC

This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2025:11636 https://access.redhat.com/errata/RHSA-2025:11636

Comment 13 errata-xmlrpc 2025-07-23 15:25:42 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.6 for RHEL 7

Via RHSA-2025:11638 https://access.redhat.com/errata/RHSA-2025:11638

Comment 14 errata-xmlrpc 2025-07-23 15:31:26 UTC

This issue has been addressed in the following products:

  Red Hat Single Sign-On

Via RHSA-2025:11645 https://access.redhat.com/errata/RHSA-2025:11645

Note You need to log in before you can comment on or make changes to this bug.

aschwart
asoldano
bbaranow
bmaxwell
boliveir
brian.stansberry
cdewolf
chazlett
darran.lofthouse
dhanak
dkreling
dosoudil
drichtar
ecerquei
fjuma
gmalinko
ibek
istudens
ivassile
iweiss
janstey
jkoops
jrokos
kverlaen
lgao
mnovotny
mosmerov
mposolda
msochure
msvehla
nwallace
pdelbell
pdrozd
peholase
pesilva
pjindal
pmackay
pskopek
rguimara
rmartinc
rowaters
rstancel
rstepani
smaestri
ssilvert
sthorger
tom.jenkinson
vmuzikar