CVE-2013-4372
Red Hat JBoss Fuse and A-MQ - Stored Cross-Site Scripting via User Field or Profile Version
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1862.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/62659
Vendor Advisory x_refsource_confirm
http://fusesource.com/issues/browse/FMC-495
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1286.html
Various Sources x_refsource_confirm
http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git%3Ba=commitdiff%3Bh=f5436ea1c5547c851bb6f92561272fe42c146e68
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1011736
Exploit, Patch x_refsource_confirm
https://github.com/jboss-fuse/fuse/commit/e280cb370323eeb759030919d5111ed809e8ded5
Scores
EPSS
0.0216
EPSS Percentile
80.1%
Details
CWE
CWE-79
Status
published
Products (2)
redhat/jboss_a-mq
6.0.0
redhat/jboss_fuse
6.0.0
Published
Sep 30, 2013
Tracked Since
Feb 18, 2026