Описание
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | process-editor | Affected | ||
| Red Hat JBoss BRMS 6 | process-editor | Affected | ||
| Red Hat JBoss BPMS 6.3 | Fixed | RHSA-2016:2822 | 28.11.2016 | |
| Red Hat JBoss BRMS 6.3 | Fixed | RHSA-2016:2823 | 28.11.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Связанные уязвимости
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
EPSS
5.4 Medium
CVSS3
5.5 Medium
CVSS2