CVE-2015-6748

Impact: Moderate
Public Date: 2015-08-27
CWE: CWE-79
Bugzilla: 1258310: CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF

It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser.

Find out more about CVE-2015-6748 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 4.9
Base Metrics: AV:N/AC:M/Au:S/C:P/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: Single
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss BPMS 6.2 | RHSA-2015:2560 | 2015-12-07 |
| Red Hat JBoss BRMS 6.2 | RHSA-2015:2559 | 2015-12-07 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Fuse 6 | jsoup | Will not fix |
| Red Hat JBoss EAP 6 | hibernate | Will not fix |
