Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jboss.hal/hal-console@3.7.9.Final
Type maven
Namespace org.jboss.hal
Name hal-console
Version 3.7.9.Final
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.7.11.Final
Latest_non_vulnerable_version 3.7.11.Final
Affected_by_vulnerabilities
0
url VCID-8ew2-s4a9-u7cu
vulnerability_id VCID-8ew2-s4a9-u7cu
summary
HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.

### Impact
Cross-site scripting (XSS) vulnerability in the management console.

### Patches
Fixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11)

### Workarounds
No workaround available
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2901.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2901.json
1
reference_url https://access.redhat.com/security/cve/CVE-2025-2901
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-2901
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2355685
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2355685
3
reference_url https://github.com/hal/console
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console
4
reference_url https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52
5
reference_url https://github.com/hal/console/releases/tag/v3.7.11
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console/releases/tag/v3.7.11
6
reference_url https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2901
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2901
8
reference_url https://github.com/advisories/GHSA-f7jh-m6wp-jm7f
reference_id GHSA-f7jh-m6wp-jm7f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7jh-m6wp-jm7f
9
reference_url https://access.redhat.com/errata/RHSA-2025:10452
reference_id RHSA-2025:10452
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10452
10
reference_url https://access.redhat.com/errata/RHSA-2025:10453
reference_id RHSA-2025:10453
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10453
11
reference_url https://access.redhat.com/errata/RHSA-2025:10459
reference_id RHSA-2025:10459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10459
12
reference_url https://access.redhat.com/errata/RHSA-2025:10931
reference_id RHSA-2025:10931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10931
fixed_packages
0
url pkg:maven/org.jboss.hal/hal-console@3.7.11.Final
purl pkg:maven/org.jboss.hal/hal-console@3.7.11.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.11.Final
aliases CVE-2025-2901, GHSA-f7jh-m6wp-jm7f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8ew2-s4a9-u7cu
1
url VCID-zufu-x8dx-xygs
vulnerability_id VCID-zufu-x8dx-xygs
summary
Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references.

# Original Description

A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.
references
0
reference_url https://access.redhat.com/security/cve/CVE-2025-2901
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-2901
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2355685
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2355685
2
reference_url https://github.com/hal/console
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hal/console
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2901
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2901
4
reference_url https://github.com/advisories/GHSA-hp88-hfjw-2hg4
reference_id GHSA-hp88-hfjw-2hg4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hp88-hfjw-2hg4
fixed_packages
0
url pkg:maven/org.jboss.hal/hal-console@3.7.11.Final
purl pkg:maven/org.jboss.hal/hal-console@3.7.11.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.11.Final
aliases GHSA-hp88-hfjw-2hg4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zufu-x8dx-xygs
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.9.Final