{"uuid": "8b116c7e-cba5-4026-8c21-22c1b95258d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2901", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9353", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2901\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.\n\ud83d\udccf Published: 2025-03-28T14:06:58.940Z\n\ud83d\udccf Modified: 2025-03-28T14:06:58.940Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/security/cve/CVE-2025-2901\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2355685", "creation_timestamp": "2025-03-28T14:27:36.000000Z"}