CVE-2017-7463: XSS
First published: Thu Apr 06 2017(Updated: )
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/BPMS | <6.4.3 | 6.4.3 |
| redhat/BRMS | <6.4.3 | 6.4.3 |
| Redhat Jboss Bpm Suite | >=6.0.0<6.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-7463
- agent/software-canonical-lookup
- vendor/redhat
- canonical/redhat jboss bpm suite
- version/redhat jboss bpm suite/6.0.0
- package-manager/redhat