CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS
Percentile: 71.1%

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in
the Application Server in Red Hat JBoss Enterprise Application Platform
(aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before
4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web
script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or
(4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6)
objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled
parameter to createThresholdMonitor.jsp. NOTE: some of these details are
obtained from third party information.