VulnerableCode Package Details - pkg:maven/org.jboss.hal/hal-console@3.7.11.Final

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8ew2-s4a9-u7cu	HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities. ### Impact Cross-site scripting (XSS) vulnerability in the management console. ### Patches Fixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11) ### Workarounds No workaround available	CVE-2025-2901 GHSA-f7jh-m6wp-jm7f
VCID-zufu-x8dx-xygs	Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references. # Original Description A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.	GHSA-hp88-hfjw-2hg4

Vulnerability

Summary

Aliases

VCID-8ew2-s4a9-u7cu

HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities. ### Impact Cross-site scripting (XSS) vulnerability in the management console. ### Patches Fixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11) ### Workarounds No workaround available

CVE-2025-2901
GHSA-f7jh-m6wp-jm7f

VCID-zufu-x8dx-xygs

Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references. # Original Description A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.

GHSA-hp88-hfjw-2hg4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:28:23.122433+00:00	GitLab Importer	Fixing	VCID-8ew2-s4a9-u7cu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/CVE-2025-2901.yml	38.4.0
2026-04-16T23:25:12.145967+00:00	GitLab Importer	Fixing	VCID-zufu-x8dx-xygs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/GHSA-hp88-hfjw-2hg4.yml	38.4.0
2026-04-12T00:47:59.022067+00:00	GitLab Importer	Fixing	VCID-8ew2-s4a9-u7cu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/CVE-2025-2901.yml	38.3.0
2026-04-12T00:44:34.195507+00:00	GitLab Importer	Fixing	VCID-zufu-x8dx-xygs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/GHSA-hp88-hfjw-2hg4.yml	38.3.0
2026-04-07T04:57:45.202959+00:00	GHSA Importer	Fixing	VCID-8ew2-s4a9-u7cu	https://github.com/advisories/GHSA-f7jh-m6wp-jm7f	38.1.0
2026-04-07T04:57:26.037862+00:00	GHSA Importer	Fixing	VCID-zufu-x8dx-xygs	https://github.com/advisories/GHSA-hp88-hfjw-2hg4	38.1.0
2026-04-03T00:55:59.052538+00:00	GitLab Importer	Fixing	VCID-8ew2-s4a9-u7cu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/CVE-2025-2901.yml	38.1.0
2026-04-03T00:52:31.220722+00:00	GitLab Importer	Fixing	VCID-zufu-x8dx-xygs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/GHSA-hp88-hfjw-2hg4.yml	38.1.0
2026-04-02T12:41:23.018767+00:00	GitLab Importer	Fixing	VCID-8ew2-s4a9-u7cu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/CVE-2025-2901.yml	38.0.0
2026-04-02T12:41:09.027449+00:00	GitLab Importer	Fixing	VCID-zufu-x8dx-xygs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.hal/hal-console/GHSA-hp88-hfjw-2hg4.yml	38.0.0
2026-04-01T12:57:05.081812+00:00	GithubOSV Importer	Fixing	VCID-8ew2-s4a9-u7cu	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-f7jh-m6wp-jm7f/GHSA-f7jh-m6wp-jm7f.json	38.0.0
2026-04-01T12:56:11.228226+00:00	GithubOSV Importer	Fixing	VCID-zufu-x8dx-xygs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-hp88-hfjw-2hg4/GHSA-hp88-hfjw-2hg4.json	38.0.0