CVE-2017-7463 Information

Description

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file if uploaded causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/98385 https://access.redhat.com/errata/RHSA-2017:1217 https://access.redhat.com/errata/RHSA-2017:1218 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1