CVE-2013-6465
MEDIUMJBPM KIE Workbench 6.0.x - Authenticated Cross-Site Scripting via Task Name HTML Input
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2013-6465. PoCs published by dawetmaster, andikahilmy.
AI-analyzed exploit summary This repository contains source code for jBPM Console NG, specifically the asset management module, which is vulnerable to CVE-2013-6465. The code includes interfaces and implementations for repository configuration, project building, and asset promotion, but does not include an exploit PoC or detailed vulnerability analysis.
Description
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
Exploits (2)
This repository contains source code for jBPM Console NG, specifically the asset management module, which is vulnerable to CVE-2013-6465. The code includes interfaces and implementations for repository configuration, project building, and asset promotion, but does not include an exploit PoC or detailed vulnerability analysis.
This repository contains source code for jBPM Console NG, specifically the asset management module, which is vulnerable to CVE-2013-6465. The code includes interfaces and implementations for repository configuration, project building, and asset promotion, but does not include an exploit PoC or detailed vulnerability analysis.
References (3)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N