Description
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes.
A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | business-central | Affected | | |
| Red Hat JBoss BRMS 6 | business-central | Affected | | |
| Red Hat JBoss BPMS 6.3 | | Fixed | RHSA-2016:1969 | 28.09.2016 |
| Red Hat JBoss BRMS 6.3 | | Fixed | RHSA-2016:1968 | 28.09.2016 |
Additional information
Status:
EPSS
CVSS3: 5.4 Medium
CVSS2: 5.5 Medium