Unrated severityNVD Advisory· Published Aug 1, 2018· Updated Aug 6, 2024

CVE-2016-8608

Description

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Red Hat/JBoss BRMSllm-fuzzy
Red Hat/BRMScpe-rescue
Range: 6

Patches

Vulnerability mechanics

References

rhn.redhat.com/errata/RHSA-2016-2822.htmlmitrevendor-advisoryx_refsource_REDHAT
rhn.redhat.com/errata/RHSA-2016-2823.htmlmitrevendor-advisoryx_refsource_REDHAT
www.securityfocus.com/bid/94568mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000