Stored XSS Vulnerability in JBoss BRMS and BPM Suite by Red Hat
CVE-2017-2674

6.1MEDIUM

Key Information:

Vendor
Red Hat
Vendor
CVE Published:
27 July 2018

Summary

JBoss BRMS 6 and BPM Suite 6 prior to version 6.4.3 contain a vulnerability that allows remote authenticated attackers to inject malicious scripts through improperly sanitized user inputs when creating new lists in Business Central. This flaw can lead to the execution of the stored scripts when other users, including administrators, view these lists, posing significant security risks.

Affected Version(s)

business-central 6.4.3

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.