2 matches found
CVE-2016-8608
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...
stored XSS in JBoss BPM suite business process editor
A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users...