CVE-2017-7463

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
redhatCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
redhatjboss_bpm_suite
6.0.0 ≤
𝑥
< 6.4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98385
https://access.redhat.com/errata/RHSA-2017:1217
https://access.redhat.com/errata/RHSA-2017:1218
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463
http://www.securityfocus.com/bid/98385
https://access.redhat.com/errata/RHSA-2017:1217
https://access.redhat.com/errata/RHSA-2017:1218
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463