Lucene search
K

7 matches found

Cvelist
Cvelist
added 2018/08/01 2:0 p.m.34 views

CVE-2016-8608

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...

5.4CVSS5.2AI score0.01259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/08/01 12:0 a.m.5 views

PT-2018-5029 · Red Hat · Jboss Brms 6 +1

Name of the Vulnerable Software and Affected Versions: JBoss BRMS 6 and BPM Suite 6 Description: The issue is related to a stored XSS flaw in the business process editor, caused by an incomplete fix. Remote, authenticated attackers with privileges to create business processes can store scripts th...

5.4CVSS5.4AI score0.01259EPSS
Exploits0References5
Prion
Prion
added 2018/07/27 6:29 p.m.23 views

Cross site scripting

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are no...

3.5CVSS5.5AI score0.01295EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2017/04/06 3:18 p.m.26 views

CVE-2017-7463

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...

6.1CVSS6.1AI score0.01818EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/04/06 3:18 p.m.24 views

CVE-2017-2674

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...

6.1CVSS5.2AI score0.01295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/11/28 5:47 p.m.34 views

CVE-2016-8608

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...

5.4CVSS5.4AI score0.01259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/08/31 7:48 a.m.24 views

CVE-2016-6344

It was discovered that JBoss BRMS 6 and BPM Suite 6 are not setting HttpOnly flags on sensitive cookies. Remote attackers can access these cookies by using client-side scripts, usually through XSS...

5.3CVSS2.1AI score0.02185EPSS
Exploits0References1
Rows per page
Query Builder