CVE-2013-6465: XSS
First published: Fri Jan 03 2014(Updated: )
Gregory Draperi reports: A cross-site scripting flaw has been reported in jBPM. The flaw allows remote authenticated attackers to store arbitrary script code in certain jBPM workbench fields, the script could be executed later in the context of other users while browsing through several workbench pages.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat jBPM | =6.0.0 | |
| Red Hat jBPM | =6.0.0-alpha7 | |
| Red Hat jBPM | =6.0.0-alpha9 | |
| Red Hat jBPM | =6.0.0-beta1 | |
| Red Hat jBPM | =6.0.0-beta2 | |
| Red Hat jBPM | =6.0.0-beta3 | |
| Red Hat jBPM | =6.0.0-beta4 | |
| Red Hat jBPM | =6.0.0-beta5 | |
| Red Hat jBPM | =6.0.0-cr1 | |
| Red Hat jBPM | =6.0.0-cr2 | |
| Red Hat jBPM | =6.0.0-cr3 | |
| Red Hat jBPM | =6.0.0-cr4 | |
| Red Hat jBPM | =6.0.0-cr5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-6465?
CVE-2013-6465 has been classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-6465?
To fix CVE-2013-6465, update to a version of jBPM that addresses the cross-site scripting vulnerability.
Which versions of jBPM are affected by CVE-2013-6465?
CVE-2013-6465 affects jBPM versions 6.0.0 including alpha, beta, and release candidates up to cr5.
Can CVE-2013-6465 be exploited by unauthenticated users?
No, CVE-2013-6465 requires remote authenticated attackers to exploit the vulnerability.
What type of vulnerability is CVE-2013-6465?
CVE-2013-6465 is a cross-site scripting (XSS) vulnerability that allows the storage of arbitrary script code.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-6465
- agent/trending
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat jbpm
- version/red hat jbpm/6.0.0
- version/red hat jbpm/6.0.0-alpha7
- version/red hat jbpm/6.0.0-alpha9
- version/red hat jbpm/6.0.0-beta1
- version/red hat jbpm/6.0.0-beta2
- version/red hat jbpm/6.0.0-beta3
- version/red hat jbpm/6.0.0-beta4
- version/red hat jbpm/6.0.0-beta5
- version/red hat jbpm/6.0.0-cr1
- version/red hat jbpm/6.0.0-cr2
- version/red hat jbpm/6.0.0-cr3
- version/red hat jbpm/6.0.0-cr4
- version/red hat jbpm/6.0.0-cr5