Reflected XSS Vulnerability in JBoss BRMS and BPM Suite by Red Hat
CVE-2017-7463

6.1MEDIUM

Key Information:

Vendor
Red Hat
Vendor
CVE Published:
27 July 2018

Summary

JBoss BRMS and BPM Suite versions prior to 6.4.3 are susceptible to reflected Cross-Site Scripting (XSS) due to a flaw in the artifact upload functionality. When a malformed XML file is uploaded, the application fails to properly sanitize error messages, echoing parts of the submitted XML code back to the user. This lack of filtering allows attackers to embed malicious scripts, which can be executed in the context of the affected user's session, potentially leading to unauthorized actions and data breaches.

Affected Version(s)

business-central 6.4.3

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.