Description
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
Remediation
References
https://github.com/kiegroup/jbpm-wb/compare/6.0.x
https://github.com/kiegroup/jbpm-wb/commit/4818204506e8e94645b52adb9426bedfa9ffdd04
https://bugzilla.redhat.com/show_bug.cgi?id=1048380
Related Vulnerabilities
CVE-2023-29528 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux
CVE-2023-43666 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2021-32809 Vulnerability in maven package org.webjars.npm:ckeditor4