Description

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

Remediation

References

CVE-2018-10934

Related Vulnerabilities

WordPress Plugin Pricing Table Builder-AP Pricing Tables Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.2)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42127)

GlassFish Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1553)

WordPress Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2020-4050)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-36097)

Severity

Medium

Classification

CVE-2018-10934 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities