Stored XSS Vulnerability in JBoss BRMS and BPM Suite by Red Hat
CVE-2017-2674
6.1MEDIUM
Summary
JBoss BRMS 6 and BPM Suite 6 prior to version 6.4.3 contain a vulnerability that allows remote authenticated attackers to inject malicious scripts through improperly sanitized user inputs when creating new lists in Business Central. This flaw can lead to the execution of the stored scripts when other users, including administrators, view these lists, posing significant security risks.
Affected Version(s)
business-central 6.4.3
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved