CVE-2013-6465 Vulnerability in maven package org.jbpm:jbpm-console-ng-human-tasks-client

Description

Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1048380

https://github.com/kiegroup/jbpm-wb/commit/4818204506e8e94645b52adb9426bedfa9ffdd04

https://github.com/kiegroup/jbpm-wb/compare/6.0.x

Related Vulnerabilities

CVE-2019-15532 Vulnerability in npm package cyberchef

CVE-2022-31151 Vulnerability in maven package org.webjars.npm:undici

CVE-2021-46708 Vulnerability in maven package org.webjars:swagger-ui

CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_3

CVE-2023-29525 Vulnerability in maven package org.xwiki.platform:xwiki-platform-legacy-events-hibernate-ui

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N