CVE-2018-10934: XSS
First published: Tue Aug 14 2018(Updated: )
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/wildfly-core | <7.1.6. | 7.1.6. |
| Redhat Jboss Enterprise Application Platform | =7.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Jboss Enterprise Application Platform | =7.1.0 | |
| Redhat Single Sign-on | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2019:0362
- https://access.redhat.com/errata/RHSA-2019:0364
- https://access.redhat.com/errata/RHSA-2019:0365
- https://access.redhat.com/errata/RHSA-2019:0380
- https://access.redhat.com/errata/RHSA-2019:1159
- https://access.redhat.com/errata/RHSA-2019:1161
- https://access.redhat.com/errata/RHSA-2019:1160
- https://access.redhat.com/errata/RHSA-2019:1162
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://bugzilla.redhat.com/show_bug.cgi?id=1615673
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934
- https://security.netapp.com/advisory/ntap-20190611-0002/
- collector/nvd-index
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-10934
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- version/redhat jboss enterprise application platform/7.1.0
- canonical/redhat single sign-on
- version/redhat single sign-on/7.2
- package-manager/redhat