JBoss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to unsafe file handling in the jboss init script, which could result in local privilege...
CVSS 7.8 | AI Score 7.3 | EPSS 0.0004
A DOM-based cross-site scripting flaw was found in the administration console of JBoss Application Server 7 before 7.1.0 Beta 1. A remote attacker could provide a specially crafted web page and trick a valid JBoss AS user with administrator privileges into visiting it, which would lead into the DOM...
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to an unauthorized information leak if a user with admin...
CVSS 6.5 | AI Score 6.3 | EPSS 0.002
An elevated privileges issue exists in JBoss AS 7 Community Release due to improper implementation of security context propagation. A thread reused from the thread pool still retains the security context from the process that last used it, which lets a local user obtain elevated...
CVSS 7.8 | AI Score 7.4 | EPSS 0.0004
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
CVSS 4.3 | AI Score 4.6 | EPSS 0.001
CVSS 6.1 | AI Score 6.5 | EPSS 0.001
CVSS 6.1 | AI Score 6.3 | EPSS 0.001