Description

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1048380

https://github.com/kiegroup/jbpm-wb/commit/4818204506e8e94645b52adb9426bedfa9ffdd04

https://github.com/kiegroup/jbpm-wb/compare/6.0.x

Related Vulnerabilities

CVE-2012-0838 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2023-50720 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-api

CVE-2022-29161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-crypto

CVE-2023-35160 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-logparser

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Issue Tracking Patch Release Notes