Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-1968.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1969.html | Vendor Advisory |
http://www.securityfocus.com/bid/93219 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1358523 | Issue Tracking VDB Entry Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1968.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2016-1969.html | Vendor Advisory |
http://www.securityfocus.com/bid/93219 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1358523 | Issue Tracking VDB Entry Vendor Advisory |
Configurations
History
21 Nov 2024, 02:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2016-1968.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-1969.html - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/93219 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1358523 - Issue Tracking, VDB Entry, Vendor Advisory |
Information
Published : 2016-10-03 18:59
Updated : 2024-11-21 02:54
NVD link : CVE-2016-5398
Mitre link : CVE-2016-5398
CVE.ORG link : CVE-2016-5398
JSON object : View
Products Affected
redhat
- jboss_bpm_suite
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')