CVE-2017-7463

Impact:
Moderate
Public Date:
2017-02-13
CWE:
CWE-79
Bugzilla:
1439823: CVE-2017-7463 business-central: Reflected XSS in artifact upload error message
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.

Find out more about CVE-2017-7463 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 6.1
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Impact Low
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss BRMS 6.4 RHSA-2017:1217 2017-05-09
Red Hat JBoss BPMS 6.4 RHSA-2017:1218 2017-05-09

Acknowledgements

Red Hat would like to thank Chris Hebert, Vikas Pandey, Harold Schliesske, and Ryan Stanley (Noblis) for reporting this issue.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.