HTTP: Red Hat JBoss BPM Suite BRMS Tasks List Cross-Site Scripting

This signature detects attempts to exploit a known vulnerability in Red Hat JBoss BPM Suite and JBoss BRMS. Successful exploitation would result in the execution of arbitrary script code in the target user's browser.

Extended Description

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to stored XSS via several lists in Business Central. The flaw is due to a lack of sanitization of user input when creating new lists. Remote, authenticated attackers with privileges to create lists can store scripts in them; the stored content is not properly sanitized before being shown to other users, including admins.

Affected Products

Redhat jboss_bpm_suite

References

CVE: CVE-2017-2674

Short Name
HTTP:XSS:REDHAT-JBOSS-XSS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
BPM BRMS CVE-2017-2674 Cross-Site Hat JBoss List Red Scripting Suite Tasks
Release Date
05/23/2017
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3693
False Positive
Unknown
Vendors
Redhat
CVSS Score
3.5