CVE-2016-7033 — Cross-site Scripting in Redhat Jboss BPM Suite

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 55.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss BPM Suite

Timeline

PublishedSep 7

Latest updateMay 25

Description

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDredhat/jboss_bpm_suite6.3.2

🔴Vulnerability Details

OSV

slurm-llnl vulnerabilities↗2022-05-25

▶

GHSA

GHSA-wgm6-69g7-crf7: Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6↗2022-05-14

▶

CVEList

CVE-2016-7033: Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6↗2016-09-07

▶

📋Vendor Advisories

Red Hat

bpms: stored XSS in dashbuilder↗2016-09-06

▶

💬Community

Bugzilla

CVE-2016-7033 JBoss bpms: stored XSS in dashbuilder↗2016-09-06

▶