CVE-2016-6343Cross-site Scripting in Redhat Jboss BPM Suite

CWE-79Cross-site Scripting5 documents5 sources
Severity
5.4MEDIUMNVD
CNA6.1
EPSS
0.4%
top 41.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Jboss BPM Suite
Timeline
PublishedOct 31
Latest updateMay 13

Description

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDredhat/jboss_bpm_suite6.0.06.4.2

🔴Vulnerability Details

2
GHSA
GHSA-6cfp-g7xp-c376: JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder2022-05-13
CVEList
CVE-2016-6343: JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder2018-10-31

📋Vendor Advisories

1
Red Hat
Dashbuilder: Reflected XSS2017-03-16

💬Community

1
Bugzilla
CVE-2016-6343 Dashbuilder: Reflected XSS2016-08-31
CVE-2016-6343 — Cross-site Scripting in Redhat | cvebase