CVE-2013-4372

Red Hat JBoss Fuse and A-MQ - Stored Cross-Site Scripting via User Field or Profile Version

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.

References (7)

Core 7
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1862.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/62659
Vendor Advisory x_refsource_confirm
http://fusesource.com/issues/browse/FMC-495
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1286.html

Scores

EPSS 0.0216
EPSS Percentile 80.1%

Details

CWE
CWE-79
Status published
Products (2)
redhat/jboss_a-mq 6.0.0
redhat/jboss_fuse 6.0.0
Published Sep 30, 2013
Tracked Since Feb 18, 2026