Описание
Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
A flaw was found in the way the mod_cluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the mod_cluster manager web interface.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | mod_cluster | Under investigation | ||
| Red Hat JBoss Data Grid 6 | mod_cluster | Under investigation | ||
| Red Hat JBoss Data Virtualization 6 | mod_cluster | Under investigation | ||
| Red Hat JBoss Enterprise Application Platform 5 | mod_cluster | Under investigation | ||
| Red Hat JBoss Enterprise Web Server 1 | mod_cluster | Under investigation | ||
| Red Hat JBoss Fuse Service Works 6 | mod_cluster | Under investigation | ||
| Red Hat JBoss Operations Network 3 | mod_cluster | Under investigation | ||
| Red Hat JBoss Portal 5 | mod_cluster | Under investigation | ||
| Red Hat JBoss Portal 6 | mod_cluster | Under investigation | ||
| Red Hat JBoss SOA Platform 5 | mod_cluster | Under investigation |
Показывать по
Дополнительная информация
Статус:
EPSS
5.2 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
Cross-site scripting (XSS) vulnerability in the manager web interface ...
Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
EPSS
5.2 Medium
CVSS2