CVE-2016-5398
Summary
| CVE | CVE-2016-5398 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-10-03 18:59:00 UTC |
| Updated | 2016-10-04 15:15:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Red Hat | JBoss BPM Suite | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug 1358523 – CVE-2016-5398 stored XSS in JBoss BPM suite business process editor | CONFIRM | bugzilla.redhat.com | Issue Tracking, VDB Entry, Vendor Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| Red Hat JBoss BPMS CVE-2016-5398 HTML Injection Vulnerability | BID | www.securityfocus.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.