Vulnerability Description
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss BPM Suite | <= 6.3.2 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2016-1968.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1969.html (Vendor Advisory)
- http://www.securityfocus.com/bid/93219 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1358523 (Issue Tracking, VDB Entry, Vendor Advisory)
FAQ
What is CVE-2016-5398?
CVE-2016-5398 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permiss...
How severe is CVE-2016-5398?
CVE-2016-5398 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-5398?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss BPM Suite.