N/A

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.

N/A

输入验证不恰当

Red Hat JBoss BRMS和BPM Suite 输入验证漏洞

Red Hat JBoss BRMS和BPM Suite都是美国红帽（Red Hat）公司的产品。前者是一套企业级业务规则管理系统平台，后者是一套集合了JBoss BRMS所有功能的业务流程管理平台。 Red Hat JBoss BRMS 6.0版本和BPM Suite 6.0.0版本中存在HTML注入漏洞，该漏洞源于程序没有过滤用户提交的输入。攻击者可利用该漏洞在受影响浏览器的上下文中执行恶意的HTML和脚本代码，窃取基于cookie的身份验证证书或控制站点呈现的方式。

N/A

N/A