CVE-2013-4372 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
Reference
http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git;a=commitdiff;h=f5436ea1c5547c851bb6f92561272fe42c146e68 http://fusesource.com/issues/browse/FMC-495 http://rhn.redhat.com/errata/RHSA-2013-1286.html http://rhn.redhat.com/errata/RHSA-2013-1862.html http://www.securityfocus.com/bid/62659 https://bugzilla.redhat.com/show_bug.cgi?id=1011736 https://github.com/jboss-fuse/fuse/commit/e280cb370323eeb759030919d5111ed809e8ded5
Share on: