JBoss is vulnerable to arbitrary code execution. The vulnerability exists because of a cross-site scripting (XSS) flaw in the JMX Console. An attacker could use this flaw to present misleading data to an authenticated user, or to execute arbitrary scripting code in the context of the authenticated user’s browser session.
secunia.com/advisories/37671
securitytracker.com/id?1023315
www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/
www.redhat.com/security/updates/classification/#moderate
www.securityfocus.com/bid/37276
access.redhat.com/errata/RHSA-2009:1636
access.redhat.com/errata/RHSA-2009:1637
access.redhat.com/errata/RHSA-2009:1649
access.redhat.com/errata/RHSA-2009:1650
access.redhat.com/security/cve/CVE-2009-1380
bugzilla.redhat.com/show_bug.cgi?id=511224
exchange.xforce.ibmcloud.com/vulnerabilities/54698
jira.jboss.org/jira/browse/JBPAPP-1983
rhn.redhat.com/errata/RHSA-2009-1636.html
rhn.redhat.com/errata/RHSA-2009-1637.html
rhn.redhat.com/errata/RHSA-2009-1649.html
rhn.redhat.com/errata/RHSA-2009-1650.html