CVE-2017-7554

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 47.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Mobile Application Platform

Timeline

PublishedSep 29

Latest updateMay 14

Description

It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDredhat/mobile_application_platform4.4

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9589-9vq9-wh72: It was found that the App Studio component of RHMAP 4↗2022-05-14

▶

CVEList

CVE-2017-7554: It was found that the App Studio component of RHMAP 4↗2017-09-28

▶

📋Vendor Advisories

Red Hat

RHMAP: Stored XSS in App Store↗2017-09-11

▶

💬Community

Bugzilla

CVE-2017-7554 RHMAP: Stored XSS in App Store↗2017-08-07

▶