CVE-2017-7463Cross-site Scripting in Redhat Jboss BPM Suite

CWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.7%
top 29.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Redhat Jboss BPM SuiteRED HAT Business-central
Timeline
PublishedJul 27
Latest updateMay 13

Description

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDredhat/jboss_bpm_suite6.0.06.4.3
CVEListV5red_hat/business-central6.4.3

🔴Vulnerability Details

2
GHSA
GHSA-65vp-3wr6-gx6m: JBoss BRMS 6 and BPM Suite 6 before 62022-05-13
CVEList
CVE-2017-7463: JBoss BRMS 6 and BPM Suite 6 before 62018-07-27

📋Vendor Advisories

1
Red Hat
business-central: Reflected XSS in artifact upload error message2017-02-13

💬Community

1
Bugzilla
CVE-2017-7463 business-central: Reflected XSS in artifact upload error message2017-04-06
CVE-2017-7463 — Cross-site Scripting in Redhat | cvebase