CVE-2016-5398: Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject…

medium5.4CVSS 3.0

AVNACLPRLUIRSCCLILAN

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.

Affected

4 ranges

Vendor	Product	Version range	Fixed in
red_hat	brms	—	—
redhat	jboss_bpm_suite	<= 6.3.2	—
redhat	jboss_bpm_suite	—	—
redhat	jboss_business_rules_management_system	—	—