Description

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

Remediation

References

CVE-2018-10934

Related Vulnerabilities

Moodle Improper Privilege Management Vulnerability (CVE-2020-25699)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36392)

Atlassian Jira CVE-2019-20403 Vulnerability (CVE-2019-20403)

WordPress Other Vulnerability (CVE-2007-4153)

Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2)

Severity

Medium

Classification

CVE-2018-10934 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities