XSS in Redhat Jboss_bpm_suite
CVE-2016-5398
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (40.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Redhat Jboss_bpm_suite
- N/a — versions n/a
Weakness classification (CWE)
References
- 93219 (Third Party Advisory, vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM, VDB Entry, Issue Tracking, Vendor Advisory)
- RHSA-2016:1969 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- RHSA-2016:1968 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-5398?
- CVE-2016-5398 is a medium-severity vulnerability in Redhat Jboss_bpm_suite, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2016-10-03.
- How severe is CVE-2016-5398?
- Medium severity. CVSS v3 base score is 5.4 out of 10.