Red Hat JBoss Operations Network is vulnerable to cross-site scripting (XSS). Lack of input validation in the Administration Interface allows remote attackers to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user.