Vulnerabilities > Redhat > Jboss BPM Suite > 6.3

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-31	CVE-2016-6343	Unspecified vulnerability in Redhat Jboss BPM Suite JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. network low complexity redhat	5.4
2018-07-27	CVE-2017-7463	Cross-site Scripting vulnerability in Redhat Jboss BPM Suite JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. network low complexity redhat CWE-79	6.1
2018-07-27	CVE-2017-2674	Cross-site Scripting vulnerability in Redhat Jboss BPM Suite JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. network low complexity redhat CWE-79	5.4
2018-07-27	CVE-2017-2658	Unspecified vulnerability in Redhat products It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. network low complexity redhat	6.5
2016-10-03	CVE-2016-5398	Cross-site Scripting vulnerability in Redhat Jboss BPM Suite Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes. network low complexity redhat CWE-79	5.4
2016-09-07	CVE-2016-6344	Information Exposure vulnerability in Redhat Jboss BPM Suite 6.3 Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. network low complexity redhat CWE-200	5.3