← Back

CVE-2013-6465

nvd nist
Published: Dec 19, 2017Modified: May 13, 2026

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.

Affected (13)

Products: Redhat: Jbpm
Redhat
1 product
Jbpm
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Jbpm
Version 6.0.0
Jbpm
Version 6.0.0 alpha7
Jbpm
Version 6.0.0 alpha9
Jbpm
Version 6.0.0 beta1
Jbpm
Version 6.0.0 beta2
Jbpm
Version 6.0.0 beta3
Jbpm
Version 6.0.0 beta4
Jbpm
Version 6.0.0 beta5
Jbpm
Version 6.0.0 cr1
Jbpm
Version 6.0.0 cr2
Jbpm
Version 6.0.0 cr3
Jbpm
Version 6.0.0 cr4
Jbpm
Version 6.0.0 cr5

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: secalert@redhat.com
Issue TrackingPatch
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes

Timeline

No history available yet.