CVE-2017-7463

CVSS 6.1 MEDIUM | EPSS 1.8% | CWE-79
Vexday Risk Score
13 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1 | EPSS 1.8% | KEV no | PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
27 Jul 2018: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
