Description

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1358523

http://www.securityfocus.com/bid/93219

http://rhn.redhat.com/errata/RHSA-2016-1969.html

http://rhn.redhat.com/errata/RHSA-2016-1968.html

Related Vulnerabilities

CVE-2018-1297 Vulnerability in maven package org.apache.jmeter:apachejmeter

CVE-2022-29567 Vulnerability in maven package com.vaadin:vaadin-grid-flow

CVE-2023-42278 Vulnerability in maven package cn.hutool:hutool-json

CVE-2022-39135 Vulnerability in maven package org.apache.calcite:calcite-core

CVE-2021-3805 Vulnerability in npm package object-path

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Issue Tracking VDB Entry Vendor Advisory Third Party Advisory