CVE-2011-3206

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 42.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Operations Network Rhq-project RHQ

Timeline

PublishedJan 8

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/jboss_operations_network2.4.1+7

▶NVDrhq-project/rhq4.2.0

🔴Vulnerability Details

GHSA

GHSA-3j98-rrxh-qmw6: Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4↗2022-05-17

▶

CVEList

CVE-2011-3206: Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4↗2012-01-08

▶

📋Vendor Advisories

Red Hat

JON: Multiple XSS flaws↗2011-12-08

▶

💬Community

Bugzilla

CVE-2011-3206 JON: Multiple XSS flaws↗2011-08-31

▶