Vulnerability Description
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Bpm Suite | >= 6.0.0, < 6.4.3 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98385Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1217Broken LinkVendor Advisory
- https://access.redhat.com/errata/RHSA-2017:1218Broken LinkVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463Issue TrackingVendor Advisory
- http://www.securityfocus.com/bid/98385Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1217Broken LinkVendor Advisory
- https://access.redhat.com/errata/RHSA-2017:1218Broken LinkVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463Issue TrackingVendor Advisory
FAQ
What is CVE-2017-7463?
CVE-2017-7463 is a vulnerability with a CVSS score of 6.1 (MEDIUM). JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML ...
How severe is CVE-2017-7463?
CVE-2017-7463 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7463?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Bpm Suite.