{"url":"http://public2.vulnerablecode.io/api/packages/737068?format=json","purl":"pkg:maven/org.jboss.hal/hal-console@3.6.20.Final","type":"maven","namespace":"org.jboss.hal","name":"hal-console","version":"3.6.20.Final","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.7.11.Final","latest_non_vulnerable_version":"3.7.11.Final","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25954?format=json","vulnerability_id":"VCID-5du4-1bus-huhv","summary":"Duplicate Advisory: Wildfly HAL Console Cross-Site Scripting\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-jhvj-f397-8w6q. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10924","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:10924"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10925","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:10925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10926","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:10926"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-23366","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-23366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337619","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337619"},{"reference_url":"https://github.com/hal/console","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23366","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23366"},{"reference_url":"https://github.com/advisories/GHSA-5wjw-h8x5-v65m","reference_id":"GHSA-5wjw-h8x5-v65m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5wjw-h8x5-v65m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/742078?format=json","purl":"pkg:maven/org.jboss.hal/hal-console@3.7.8.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8ew2-s4a9-u7cu"},{"vulnerability":"VCID-zufu-x8dx-xygs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.8.Final"}],"aliases":["GHSA-5wjw-h8x5-v65m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5du4-1bus-huhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30444?format=json","vulnerability_id":"VCID-8ew2-s4a9-u7cu","summary":"HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store\nA flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.\n\n### Impact\nCross-site scripting (XSS) vulnerability in the management console.\n\n### Patches\nFixed in [HAL 3.7.11.Final](https://github.com/hal/console/releases/tag/v3.7.11)\n\n### Workarounds\nNo workaround available","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2901.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2901.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-2901","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-2901"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355685","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355685"},{"reference_url":"https://github.com/hal/console","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console"},{"reference_url":"https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console/commit/216de3b8aa82ea92df10cc296d88c68467cf2c52"},{"reference_url":"https://github.com/hal/console/releases/tag/v3.7.11","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console/releases/tag/v3.7.11"},{"reference_url":"https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console/security/advisories/GHSA-f7jh-m6wp-jm7f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2901","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2901"},{"reference_url":"https://github.com/advisories/GHSA-f7jh-m6wp-jm7f","reference_id":"GHSA-f7jh-m6wp-jm7f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7jh-m6wp-jm7f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10452","reference_id":"RHSA-2025:10452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10453","reference_id":"RHSA-2025:10453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10453"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10459","reference_id":"RHSA-2025:10459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10931","reference_id":"RHSA-2025:10931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70094?format=json","purl":"pkg:maven/org.jboss.hal/hal-console@3.7.11.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.11.Final"}],"aliases":["CVE-2025-2901","GHSA-f7jh-m6wp-jm7f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ew2-s4a9-u7cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25905?format=json","vulnerability_id":"VCID-gkqy-w15q-jud2","summary":"HAL Console has a Cross Site Scripting (XSS) vulnerability of user input\nA flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.\n\n### Impact\nCross-site scripting (XSS) vulnerability in the management console.\n\n### Patches\nFixed in [HAL 3.7.7.Final](https://github.com/hal/console/releases/tag/v3.7.7) \n\n### Workarounds\nNo workaround available\n\n### References\n- https://access.redhat.com/security/cve/CVE-2025-23366\n- https://bugzilla.redhat.com/show_bug.cgi?id=2337619","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23366.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23366.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-23366","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T15:00:47Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-23366"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23366","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47326","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47461","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47458","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47481","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47456","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47463","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47522","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47515","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47467","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47462","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.4741","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47437","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47457","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47407","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23366"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337619","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-15T15:00:47Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2337619"},{"reference_url":"https://github.com/hal/console","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console"},{"reference_url":"https://github.com/hal/console/releases/tag/v3.7.7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console/releases/tag/v3.7.7"},{"reference_url":"https://github.com/hal/console/security/advisories/GHSA-jhvj-f397-8w6q","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console/security/advisories/GHSA-jhvj-f397-8w6q"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://github.com/advisories/GHSA-jhvj-f397-8w6q","reference_id":"GHSA-jhvj-f397-8w6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jhvj-f397-8w6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51166?format=json","purl":"pkg:maven/org.jboss.hal/hal-console@3.7.7.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5du4-1bus-huhv"},{"vulnerability":"VCID-8ew2-s4a9-u7cu"},{"vulnerability":"VCID-zufu-x8dx-xygs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.7.Final"}],"aliases":["CVE-2025-23366","GHSA-jhvj-f397-8w6q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkqy-w15q-jud2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14583?format=json","vulnerability_id":"VCID-w155-te58-v3fy","summary":"Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment\nA vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server.\n\n### Impact\nCross-site scripting (XSS) vulnerability in the management console.\n\n### Patches\nFixed in [HAL 3.7.7.Final](https://github.com/hal/console/releases/tag/v3.7.7) \n\n### Workarounds\nNo workaround available\n\n### References\nSee also: https://issues.redhat.com/browse/WFLY-19969","references":[{"reference_url":"https://github.com/hal/console","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console"},{"reference_url":"https://github.com/hal/console/releases/tag/v3.7.7","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console/releases/tag/v3.7.7"},{"reference_url":"https://github.com/hal/console/security/advisories/GHSA-64gp-r758-8pfm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console/security/advisories/GHSA-64gp-r758-8pfm"},{"reference_url":"https://issues.redhat.com/browse/WFLY-19969","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.redhat.com/browse/WFLY-19969"},{"reference_url":"https://github.com/advisories/GHSA-64gp-r758-8pfm","reference_id":"GHSA-64gp-r758-8pfm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64gp-r758-8pfm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51166?format=json","purl":"pkg:maven/org.jboss.hal/hal-console@3.7.7.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5du4-1bus-huhv"},{"vulnerability":"VCID-8ew2-s4a9-u7cu"},{"vulnerability":"VCID-zufu-x8dx-xygs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.7.Final"}],"aliases":["GHSA-64gp-r758-8pfm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w155-te58-v3fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29226?format=json","vulnerability_id":"VCID-zufu-x8dx-xygs","summary":"Duplicate Advisory: HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-f7jh-m6wp-jm7f. This link is maintained to preserve external references.\n\n# Original Description\n\nA flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.","references":[{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-2901","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-2901"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355685","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355685"},{"reference_url":"https://github.com/hal/console","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hal/console"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2901","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2901"},{"reference_url":"https://github.com/advisories/GHSA-hp88-hfjw-2hg4","reference_id":"GHSA-hp88-hfjw-2hg4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hp88-hfjw-2hg4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70094?format=json","purl":"pkg:maven/org.jboss.hal/hal-console@3.7.11.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.7.11.Final"}],"aliases":["GHSA-hp88-hfjw-2hg4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zufu-x8dx-xygs"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.hal/hal-console@3.6.20.Final"}