CVE-2013-6465: XSS
First published: Fri Jan 03 2014(Updated: )
Gregory Draperi reports: A cross-site scripting flaw has been reported in jBPM. The flaw allows remote authenticated attackers to store arbitrary script code in certain jBPM workbench fields, the script could be executed later in the context of other users while browsing through several workbench pages.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jbpm | =6.0.0 | |
| Redhat Jbpm | =6.0.0-alpha7 | |
| Redhat Jbpm | =6.0.0-alpha9 | |
| Redhat Jbpm | =6.0.0-beta1 | |
| Redhat Jbpm | =6.0.0-beta2 | |
| Redhat Jbpm | =6.0.0-beta3 | |
| Redhat Jbpm | =6.0.0-beta4 | |
| Redhat Jbpm | =6.0.0-beta5 | |
| Redhat Jbpm | =6.0.0-cr1 | |
| Redhat Jbpm | =6.0.0-cr2 | |
| Redhat Jbpm | =6.0.0-cr3 | |
| Redhat Jbpm | =6.0.0-cr4 | |
| Redhat Jbpm | =6.0.0-cr5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-6465
- vendor/redhat
- canonical/redhat jbpm
- version/redhat jbpm/6.0.0
- version/redhat jbpm/6.0.0-alpha7
- version/redhat jbpm/6.0.0-alpha9
- version/redhat jbpm/6.0.0-beta1
- version/redhat jbpm/6.0.0-beta2
- version/redhat jbpm/6.0.0-beta3
- version/redhat jbpm/6.0.0-beta4
- version/redhat jbpm/6.0.0-beta5
- version/redhat jbpm/6.0.0-cr1
- version/redhat jbpm/6.0.0-cr2
- version/redhat jbpm/6.0.0-cr3
- version/redhat jbpm/6.0.0-cr4
- version/redhat jbpm/6.0.0-cr5