CVE-2016-6343 in JBoss BPM Suiteinformación

Resumen

por MITRE

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Red Hat, Inc.

Reservar

2016-07-26

Divulgación

2018-10-31

Moderación

aceptado

Artículo

VDB-126345

CPE

listo

CWE

CWE-79 (confirmado)

CVSS

5.4 (NVD)

EPSS

0.00365

KEV

Actividades

muy bajo

Sector

Chemical, Finance, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6343
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6343
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6343/

◂ Anterior Visión De Conjunto Próximo ▸

Do you know our Splunk app?

Download it now for free!