CVE-2017-7463

Published: Jul 27, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.

Affected (1)

Products: Redhat: Jboss Bpm Suite

1 product

Jboss Bpm Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Bpm Suite	From 6.0.0 to 6.4.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://www.securityfocus.com/bid/98385

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1217

Source: secalert@redhat.com

Broken LinkVendor Advisory

https://access.redhat.com/errata/RHSA-2017:1218

Source: secalert@redhat.com

Broken LinkVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463

Source: secalert@redhat.com

Issue TrackingVendor Advisory

http://www.securityfocus.com/bid/98385

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1217

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://access.redhat.com/errata/RHSA-2017:1218

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.