CVE-2024-10234

Description

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.1CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
• v3.1•HIGH•Score: 7.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS Trends

Current EPSS score: 0.56%• Percentile: 69%

Techniques & Countermeasures

• CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected Systems

• redhat•build_of_keycloak

  na

• redhat•jboss_enterprise_application_platform

  8.0

References (14)

• https://access.redhat.com/errata/RHSA-2025:10924
• https://access.redhat.com/errata/RHSA-2025:10925
• https://access.redhat.com/errata/RHSA-2025:10926
• https://access.redhat.com/errata/RHSA-2025:10931
• https://access.redhat.com/errata/RHSA-2025:11636
• https://access.redhat.com/errata/RHSA-2025:11638
• https://access.redhat.com/errata/RHSA-2025:11639
• https://access.redhat.com/errata/RHSA-2025:11640
• https://access.redhat.com/errata/RHSA-2025:11645
• https://access.redhat.com/errata/RHSA-2025:2025
• https://access.redhat.com/errata/RHSA-2025:2026
• https://access.redhat.com/errata/RHSA-2025:2029
• https://access.redhat.com/security/cve/CVE-2024-10234
• https://bugzilla.redhat.com/show_bug.cgi?id=2320848