CVE-2025-2901 Information

Description

A flaw was found in the JBoss EAP Management Console where a stored cross-site scripting (XSS) vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Reference

https://access.redhat.com/security/cve/CVE-2025-2901
https://bugzilla.redhat.com/show_bug.cgi?id=2355685

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.6

Base Severity

MEDIUM
