Cross-Site Scripting Vulnerability in JBoss Management Console
CVE-2018-10934
5.4MEDIUM
Summary
A cross-site scripting (XSS) vulnerability has been identified in the JBoss Management Console, allowing users with the ability to create objects within the application to inject malicious scripts. This exploitation could notably compromise other users with privileged roles, leading to potential unauthorized actions and data exposure. It is critical for organizations utilizing affected versions to implement the necessary updates to rectify this vulnerability and safeguard against XSS attacks.
Affected Version(s)
wildfly-core 7.1.6.CR1
wildfly-core 7.1.6.GA
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved