CVE-2013-6465
MEDIUM
Redhat Jbpm - XSS
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name HTML inputs.
Exploits (2)
nomisec
WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2013-6465-jjbpm-wbbpm-vulnerable
nomisec
WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2013-6465-jjbpm-wbbpm-vulnerable
Scores
CVSS v3: 5.4
EPSS: 0.0016
EPSS Percentile: 36.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): redhat/jbpm 6.0.0 (13 CPE variants)
Published: Dec 19, 2017
Tracked Since: Feb 18, 2026