CVE-2011-3606

A DOM-based cross-site scripting flaw was found in the administration console of JBoss Application Server 7 before 7.1.0 Beta 1. A remote attacker could provide a specially crafted web page and trick a valid JBoss AS user with administrator privileges into visiting it, which would lead to modification of the DOM environment and execution of arbitrary HTML or web script.
Cross-site Scripting
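| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.4 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| redhat | CNA | --- | --- | | | |
| CVE | ADP | --- | --- | | | |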
EPSS Score
Percentile: 59%
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_application_server | 7.0.0 |
| redhat | jboss_application_server | 7.0.0:alpha1 |
| redhat | jboss_application_server | 7.0.0:beta1 |
| redhat | jboss_application_server | 7.0.0:beta2 |
| redhat | jboss_application_server | 7.0.0:beta3 |
| redhat | jboss_application_server | 7.0.0:cr1 |
| redhat | jboss_application_server | 7.0.1 |
| redhat | jboss_application_server | 7.0.2 |
𝑥 = Vulnerable software versions
Ubuntu Releases
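| Ubuntu Product | Codename | Status |
|---|---|---|
| jbossas4 | oneiric | not-affected |
| jbossas4 | natty | not-affected |
| jbossas4 | maverick | not-affected |
| jbossas4 | lucid | not-affected |
| jbossas4 | hardy | not-affected |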