JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/98385 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:1217 | Broken Link Vendor Advisory |
https://access.redhat.com/errata/RHSA-2017:1218 | Broken Link Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463 | Issue Tracking Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-07-27 18:29
Updated : 2024-02-28 16:48
NVD link : CVE-2017-7463
Mitre link : CVE-2017-7463
CVE.ORG link : CVE-2017-7463
JSON object : View
Products Affected
redhat
- jboss_bpm_suite
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')