Description
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-1968.html
http://rhn.redhat.com/errata/RHSA-2016-1969.html
http://www.securityfocus.com/bid/93219
https://bugzilla.redhat.com/show_bug.cgi?id=1358523
Related Vulnerabilities
CVE-2019-10306 Vulnerability in maven package org.jenkins-ci.plugins:ontrack
CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2023-25158 Vulnerability in maven package org.geotools:gt-jdbc
CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk15
CVE-2023-26111 Vulnerability in npm package @nubosoftware/node-static