Skip to main content

Jboss A Mq CVE-2013-4372

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2013-09-30 secalert@redhat.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 30, 2013 - 21:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.

AnalysisAI

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page. Affected products include: Redhat Jboss A-Mq, Redhat Jboss Fuse.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2015-7501 CRITICAL
9.8 Nov 09

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2015-5183 HIGH
7.5 Sep 25

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerab

CVE-2022-1278 HIGH
7.5 Sep 13

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload

CVE-2023-1664 MEDIUM
6.5 May 26

A flaw was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentic

CVE-2023-4066 MEDIUM
5.5 Sep 27

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, de

CVE-2023-4065 MEDIUM
5.5 Sep 27

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, sho

CVE-2015-5181 MEDIUM
5.4 Sep 25

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Rated medium severity (CVSS 5.4), thi

CVE-2021-3536 MEDIUM
4.8 May 20

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso

CVE-2021-3425 MEDIUM
4.4 Jun 01

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker

CVE-2014-0085 LOW
2.1 Apr 17

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. Rated low severity (CVSS 2.1)

Share

CVE-2013-4372 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy