CVE-2025-2901

Published Mar 28, 2025

Last updated 8 days ago

CVSS medium 4.6

Overview

Description
A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.
Source
secalert@redhat.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
4.6
Impact score
2.5
Exploitability score
2.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

secalert@redhat.com
CWE-79

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2025-2901 | Red Hat JBoss Enterprise Application Platform Management Console cross site scripting) has been published on https://t.co/VAC4s239dq

    @WolfgangSesin

    28 Mar 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References