4.3

CVE-2013-4372

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatJboss A-mq Version6.0.0
RedhatJboss Fuse Version6.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.16% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://rhn.redhat.com/errata/RHSA-2013-1862.html
http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git%3Ba=commitdiff%3Bh=f5436ea1c5547c851bb6f92561272fe42c146e68
http://fusesource.com/issues/browse/FMC-495
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1286.html
http://www.securityfocus.com/bid/62659
https://bugzilla.redhat.com/show_bug.cgi?id=1011736
Patch
https://github.com/jboss-fuse/fuse/commit/e280cb370323eeb759030919d5111ed809e8ded5
Patch
Exploit