Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2013-0191.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0192.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0193.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0194.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0195.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0196.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0197.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0198.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0221.html | Vendor Advisory |
http://secunia.com/advisories/51984 | Vendor Advisory |
http://secunia.com/advisories/52054 | Vendor Advisory |
http://www.osvdb.org/89578 | |
http://www.securityfocus.com/bid/57548 | |
https://bugzilla.redhat.com/show_bug.cgi?id=760387 |
Configurations
History
13 Feb 2023, 00:21
Type | Values Removed | Values Added |
---|---|---|
Summary | Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |
References |
|
02 Feb 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console. | |
References |
|
Information
Published : 2013-02-05 23:55
Updated : 2023-12-10 11:16
NVD link : CVE-2011-4575
Mitre link : CVE-2011-4575
CVE.ORG link : CVE-2011-4575
JSON object : View
Products Affected
redhat
- jboss_enterprise_web_platform
- jboss_enterprise_brms_platform
- jboss_enterprise_application_platform
CWE
CWE-20
Improper Input Validation