CVE-2017-2674

6.1MEDIUM

Key Information:

Vendor
Red Hat
Status
Business-central
Vendor
CVE Published:
27 July 2018

Summary

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.

Affected Version(s)

business-central 6.4.3

References

https://access.redhat.com/errata/RHSA-2017:1217
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1218
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2674
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.