Vulnerability Details CVE-2016-6343
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 3.5
Products affected by CVE-2016-6343
- cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0
- cpe:2.3:a:redhat:jboss_bpm_suite:6.0.1
- cpe:2.3:a:redhat:jboss_bpm_suite:6.0.3
- cpe:2.3:a:redhat:jboss_bpm_suite:6.1
- cpe:2.3:a:redhat:jboss_bpm_suite:6.1.2
- cpe:2.3:a:redhat:jboss_bpm_suite:6.2
- cpe:2.3:a:redhat:jboss_bpm_suite:6.3
- cpe:2.3:a:redhat:jboss_bpm_suite:6.3.2
- cpe:2.3:a:redhat:jboss_bpm_suite:6.4