CVE-2016-8608 vulnerability in Red Hat Products
Published on August 1, 2018
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2016-8608 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2016-8608
stack.watch emails you whenever new vulnerabilities are published in Red Hat Jboss Bpm Suite or Red Hat Jboss Business Rules Management System. Just hit a watch button to start following.
Affected Versions
Red Hat BRMS Version 6 is affected by CVE-2016-8608Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.