Description
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1048380
https://github.com/kiegroup/jbpm-wb/commit/4818204506e8e94645b52adb9426bedfa9ffdd04
https://github.com/kiegroup/jbpm-wb/compare/6.0.x
Related Vulnerabilities
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js
CVE-2023-0846 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2023-49803 Vulnerability in maven package org.webjars.npm:koa__cors
CVE-2023-25570 Vulnerability in maven package com.ctrip.framework.apollo:apollo
CVE-2019-17633 Vulnerability in maven package org.eclipse.che:assembly-wsmaster-war