Description

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-0462.html

https://bugzilla.redhat.com/show_bug.cgi?id=1078646

Related Vulnerabilities

CVE-2023-29020 Vulnerability in npm package @fastify/passport

CVE-2013-7315 Vulnerability in maven package org.springframework:spring-web

CVE-2022-36904 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector

CVE-2023-44794 Vulnerability in maven package cn.dev33:sa-token-core

CVE-2018-1199 Vulnerability in maven package org.springframework.security:spring-security-config

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory