CVE-2013-4372

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.

Reference

https://github.com/jboss-fuse/fuse/commit/e280cb370323eeb759030919d5111ed809e8ded5
https://bugzilla.redhat.com/show_bug.cgi?id=1011736
http://rhn.redhat.com/errata/RHSA-2013-1286.html
http://fusesource.com/issues/browse/FMC-495
http://rhn.redhat.com/errata/RHSA-2013-1862.html
http://www.securityfocus.com/bid/62659
http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git%3Ba=commitdiff%3Bh=f5436ea1c5547c851bb6f92561272fe42c146e68

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

13-02-2023 - 04:46

Objavljeno

30-09-2013 - 21:55