CVE-2018-10934 — Cross-site Scripting in Redhat Jboss Enterprise Application Platform

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 38.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Wildfly-core Redhat Jboss Enterprise Application Platform Redhat Single Sign-on

Timeline

PublishedMar 27

Latest updateMay 14

Description

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDredhat/jboss_enterprise_application_platform7.0, 7.1.0+1

▶CVEListV5red_hat/wildfly-core7.1.6.CR1, 7.1.6.GA+1

▶NVDredhat/single_sign-on7.2

🔴Vulnerability Details

GHSA

GHSA-fw7x-p3x6-x9p7: A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7↗2022-05-14

▶

CVEList

CVE-2018-10934: A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7↗2019-03-27

▶

📋Vendor Advisories

Red Hat

wildfly-core: Cross-site scripting (XSS) in JBoss Management Console↗2018-08-14

▶

💬Community

Bugzilla

CVE-2018-10934 wildfly-core: Cross-site scripting (XSS) in JBoss Management Console↗2018-08-14

▶