Lucene search
PRIOn knowledge basePRION:CVE-2016-8608HistoryAug 01, 2018 - 2:29 p.m.
Cross site scripting
2018-08-0114:29:00
PRIOn knowledge base
www.prio-n.com
2
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jboss_bpm_suite | eq | 6.0.0 | |
| jboss_business_rules_management_system | eq | 6.0.0 |
Related
nvd
nvd
CVE-2016-8608
2018-08-01 14:29:00
CVE-2016-5398
2016-10-03 18:59:06
cve
cve
CVE-2016-8608
2018-08-01 14:29:00
CVE-2016-5398
2016-10-03 18:59:06
redhatcve
redhatcve
CVE-2016-8608
2016-11-28 17:47:35
CVE-2016-5398
2016-09-28 23:17:51
cvelist
cvelist
CVE-2016-8608
2018-08-01 14:00:00
CVE-2016-5398
2016-10-03 18:00:00
redhat
redhat
(RHSA-2016:2822) Moderate: Red Hat JBoss BPM Suite security update
2016-11-28 17:46:38
(RHSA-2016:2823) Moderate: Red Hat JBoss BRMS security update
2016-11-28 17:47:01
(RHSA-2016:1969) Moderate: Red Hat JBoss BPM Suite security update
2016-09-28 22:20:32
prion
prion
Cross site scripting
2016-10-03 18:59:00