Description

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-1968.html

http://rhn.redhat.com/errata/RHSA-2016-1969.html

http://www.securityfocus.com/bid/93219

https://bugzilla.redhat.com/show_bug.cgi?id=1358523

Related Vulnerabilities

CVE-2022-28154 Vulnerability in maven package org.jenkins-ci.plugins:covcomplplot

CVE-2023-30532 Vulnerability in maven package org.jenkinsci.plugins.spoonscript:spoonscript

CVE-2022-45868 Vulnerability in maven package com.h2database:h2

CVE-2022-45380 Vulnerability in maven package org.jenkins-ci.plugins:junit

CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-api

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory Issue Tracking VDB Entry