Описание
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | wildfly-core | Out of support scope | ||
| Red Hat Decision Manager 7 | wildfly-core | Not affected | ||
| Red Hat JBoss BRMS 6 | wildfly-core | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | wildfly-core | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | wildfly-core | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | wildfly | Affected | ||
| Red Hat JBoss Fuse 6 | wildfly-core | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | wildfly-core | Out of support scope | ||
| Red Hat Process Automation 7 | wildfly-core | Not affected | ||
| Red Hat Single Sign-On 7 | wildfly-core | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.4 Medium
CVSS3
Связанные уязвимости
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
A cross-site scripting (XSS) vulnerability was found in the JBoss Mana ...
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
EPSS
5.4 Medium
CVSS3