Vulnerabilities > Redhat > Jboss BPM Suite > 6.3.2

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2016-6343 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder.
network
low complexity
redhat CWE-79
5.4
5.4
2018-07-27 CVE-2017-7463 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload.
network
redhat CWE-79
4.3
4.3
2018-07-27 CVE-2017-2674 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central.
network
redhat CWE-79
3.5
3.5
2018-07-27 CVE-2017-2658 Improper Input Validation vulnerability in Redhat products
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
network
low complexity
redhat CWE-20
6.5
6.5
2016-10-03 CVE-2016-5398 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
network
redhat CWE-79
3.5
3.5
2016-09-07 CVE-2016-7034 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite 6.3.2
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
network
redhat CWE-352
6.8
6.8
2016-09-07 CVE-2016-7033 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite 6.3.2
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
redhat CWE-79
4.3
4.3