Unrated severityNVD Advisory· Published Jul 27, 2018· Updated Aug 5, 2024

CVE-2017-2674

Description

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Polymita Technologies/Bpm Suitellm-fuzzy
Range: <6.4.3
Red Hat/JBoss BRMSllm-fuzzy
Range: <6.4.3
Red Hat/business-centralv5
Range: 6.4.3

Patches

Vulnerability mechanics

References

access.redhat.com/errata/RHSA-2017:1217mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2017:1218mitrevendor-advisoryx_refsource_REDHAT
www.securityfocus.com/bid/98390mitrevdb-entryx_refsource_BID
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000