CVE-2017-7463
Summary
| CVE | CVE-2017-7463 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-07-27 18:29:00 UTC |
| Updated | 2019-10-09 23:29:00 UTC |
| Description | JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Red Hat | JBoss BPM Suite | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | Broken Link, Vendor Advisory |
| Red Hat JBoss BRMS and BPM Suite CVE-2017-7463 Cross Site Scripting Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| 1439823 – (CVE-2017-7463) CVE-2017-7463 business-central: Reflected XSS in artifact upload error message | CONFIRM | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.