CVE-2018-10934
MEDIUM
JBoss Enterprise Application Platform - Stored Cross-Site Scripting in Management Console
Title source: llm
Description
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
References (6)
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190611-0002/
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1160
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1162
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1159
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1161
Scores
CVSS v3
5.4
EPSS
0.0041
EPSS Percentile
61.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
redhat/jboss_enterprise_application_platform
7.0
redhat/jboss_enterprise_application_platform
7.1.0
redhat/single_sign-on
7.2
Published
Mar 27, 2019
Tracked Since
Feb 18, 2026