Description

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.

Remediation

References

CVE-2011-3606

Related Vulnerabilities

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)

WordPress Plugin WP Customer Reviews Unspecified Vulnerability (3.0.7)

ProjectSend Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-11492)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20827)

WordPress Plugin Simplr Registration Form Plus+ Privilege Escalation (2.4.3)

Severity

Medium

Classification

CVE-2011-3606 CWE-707

Tags

Missing Update Known Vulnerabilities