Reflected XSS Vulnerability in JBoss BRMS and BPM Suite by Red Hat
CVE-2017-7463
6.1MEDIUM
Summary
JBoss BRMS and BPM Suite versions prior to 6.4.3 are susceptible to reflected Cross-Site Scripting (XSS) due to a flaw in the artifact upload functionality. When a malformed XML file is uploaded, the application fails to properly sanitize error messages, echoing parts of the submitted XML code back to the user. This lack of filtering allows attackers to embed malicious scripts, which can be executed in the context of the affected user's session, potentially leading to unauthorized actions and data breaches.
Affected Version(s)
business-central 6.4.3
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved