CVE-2011-3606 Information

Description

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user with the administrator privilege to visit it which would lead into the DOM environment modification and arbitrary HTML or web script execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://access.redhat.com/security/cve/cve-2011-3606 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3606 https://security-tracker.debian.org/tracker/CVE-2011-3606

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4