CVE-2016-5398
stored XSS in JBoss BPM suite business process editor
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
Vulnerabilidad de XSS en Business Process Editor en Red Hat JBoss BPM Suite en versiones anteriores a 6.3.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios apalancando los permisos para crear procesos de negocio.
A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-06-10 CVE Reserved
- 2016-09-29 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/93219 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2016-1968.html | 2016-10-04 | |
http://rhn.redhat.com/errata/RHSA-2016-1969.html | 2016-10-04 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1358523 | 2016-09-28 | |
https://access.redhat.com/security/cve/CVE-2016-5398 | 2016-09-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Jboss Bpm Suite Search vendor "Redhat" for product "Jboss Bpm Suite" | <= 6.3.2 Search vendor "Redhat" for product "Jboss Bpm Suite" and version " <= 6.3.2" | - |
Affected
|