JBoss BPM Suite 6 is vulnerable to a reflected cross-site scripting (XSS) flaw in dashbuilder. Remote attackers can entice authenticated users who have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.
CPE Name | Operator | Version
---|---|---
jboss_bpm_suite | ge | 6.0.0
jboss_bpm_suite | lt | 6.4.2