Unrated severity · NVD Advisory · Published Jul 27, 2018 · Updated Aug 5, 2024
CVE-2017-7463
Description
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
Affected products
- Range: <6.4.3
- Red Hat/business-central · v5 · Range: 6.4.3
References
- access.redhat.com/errata/RHSA-2017:1217 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2017:1218 (mitre, vendor-advisory, x_refsource_REDHAT)
- www.securityfocus.com/bid/98385 (mitre, vdb-entry, x_refsource_BID)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_CONFIRM)