Lucene search
K

11 matches found

Prion
Prion
added 2018/10/31 1:29 p.m.22 views

Cross site scripting

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...

3.5CVSS6.1AI score0.0166EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2018/10/31 1:0 p.m.62 views

CVE-2016-6343

CVE-2016-6343 affects Red Hat JBoss BPM Suite 6 (dashbuilder). A reflected XSS vulnerability allows an authenticated admin to click a malicious link at /dashbuilder/Controller and execute script code in the user’s browser. The issue relies on dashbuilder’s handling of input in that endpoint; expl...

6.1CVSS5.7AI score0.0166EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/08/01 2:29 p.m.34 views

CVE-2016-8608

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...

5.4CVSS5.2AI score0.01259EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/08/01 2:0 p.m.34 views

CVE-2016-8608

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...

5.4CVSS5.2AI score0.01259EPSS
Exploits0References4
Prion
Prion
added 2018/07/27 6:29 p.m.23 views

Cross site scripting

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are no...

3.5CVSS5.5AI score0.01295EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2018/07/27 6:29 p.m.20 views

Design/Logic Flaw

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of...

4.3CVSS6.1AI score0.01818EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2017/04/06 3:18 p.m.26 views

CVE-2017-7463

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...

6.1CVSS6.1AI score0.01818EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/04/06 3:18 p.m.24 views

CVE-2017-2674

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...

6.1CVSS5.2AI score0.01295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/03/16 8:18 p.m.31 views

CVE-2016-6343

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...

6.1CVSS5.7AI score0.0166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/11/28 5:47 p.m.34 views

CVE-2016-8608

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...

5.4CVSS5.4AI score0.01259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/08/31 7:48 a.m.24 views

CVE-2016-6344

It was discovered that JBoss BRMS 6 and BPM Suite 6 are not setting HttpOnly flags on sensitive cookies. Remote attackers can access these cookies by using client-side scripts, usually through XSS...

5.3CVSS2.1AI score0.02185EPSS
Exploits0References1
Rows per page
Query Builder