← Back

CVE-2011-3606

nvd nist
Published: Nov 26, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.

Affected (8)

Redhat
1 product
Jboss Application Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Jboss Application Server
Version 7.0.0
Jboss Application Server
Version 7.0.0 alpha1
Jboss Application Server
Version 7.0.0 beta1
Jboss Application Server
Version 7.0.0 beta2
Jboss Application Server
Version 7.0.0 beta3
Jboss Application Server
Version 7.0.0 cr1
Jboss Application Server
Version 7.0.1
Jboss Application Server
Version 7.0.2

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.