Description
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | dashbuilder | Affected | | |
| Red Hat JBoss BRMS 6 | dashbuilder | Not affected | | |
| Red Hat JBoss BPMS 6.4 | | Fixed | RHSA-2017:0557 | 16.03.2017 |
| Red Hat JBoss Data Virtualization 6.4 | dashbuilder | Fixed | RHSA-2018:0296 | 13.02.2018 |
Additional information
Status:
EPSS
CVSS3: 6.1 Medium
CVSS2: 5.8 Medium