CVE-2011-3606

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.4%

top 39.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jboss Application Server Jboss Application Server Redhat Jboss Application Server

Timeline

PublishedNov 26

Latest updateApr 22

Description

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDredhat/jboss_application_server7.0.0, 7.0.1, 7.0.2+2

▶CVEListV5jboss_application_server/jboss_application_server7 before 7.1.0 Beta 1

🔴Vulnerability Details

GHSA

GHSA-8pw8-hjx4-j5jp: A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7↗2022-04-22

▶

CVEList

CVE-2011-3606: A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7↗2019-11-26

▶

📋Vendor Advisories

Red Hat

AS: DOM based XSS in the administration console↗2011-12-02

▶

💬Community

Bugzilla

CVE-2011-3606 JBoss AS: DOM based XSS in the administration console↗2011-10-03

▶