XSS in Rhq-project Rhq

CVE-2011-3206

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspe…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.3th percentile) — read the EPSS interpretation.

Affected products

Rhq-project Rhq — versions 4.2.0
Redhat Jboss_operations_network — versions 2.0.0, 2.0.1, 2.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

47197 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
47280 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2012:0089 (x_refsource_REDHAT, vendor-advisory)
1026435 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_CONFIRM)