Red Hat JBoss Enterprise Application Platform is vulnerable to cross-site scripting (XSS) attacks in JBoss Management Console, which allows user with roles that can create objects to inject arbitrary scripts to perform attack.
access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html
access.redhat.com/errata/RHSA-2019:1159
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1613428
bugzilla.redhat.com/show_bug.cgi?id=1630924
bugzilla.redhat.com/show_bug.cgi?id=1630928
bugzilla.redhat.com/show_bug.cgi?id=1631773
bugzilla.redhat.com/show_bug.cgi?id=1643557
bugzilla.redhat.com/show_bug.cgi?id=1675264
bugzilla.redhat.com/show_bug.cgi?id=1691431