Vulnerability Details : CVE-2013-4372
Multiple stored cross-site scripting (XSS) vulnerabilities in the Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via (1) the user field on the create user page or (2) the profile version field on the create profile page. The injected content is stored and rendered to other users of the console, which is what makes these stored rather than reflected XSS.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2013-4372
- cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4372
EPSS score: 0.45% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~75% (the proportion of all scored vulnerabilities with an EPSS score at or below this one)
CVSS scores for CVE-2013-4372
Base Score | Base Severity | CVSS Vector (v2) | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | 
CWE ids for CVE-2013-4372
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. (Assigned by: nvd@nist.gov, Primary)
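The CWE text above states the root cause in general terms: a value typed into a form is stored and later written into a page for other users without encoding. As an added illustration, not code from the Fuse Management Console or from its fix commit, the following Node.js snippet renders a constructed user list the vulnerable way (raw concatenation) and the hardened way (contextual HTML encoding). The field names `user` and `profileVersion`, the table layout and the sample payload are assumptions made for this example.

```javascript
// Added example (not FMC's code): stored XSS via a "create user" form and
// its neutralisation by output encoding (CWE-79). Field names, markup and
// the payload are constructed for illustration.

// Entity-encode a value for the HTML text and double-quoted attribute
// contexts. Other contexts (JavaScript strings, URLs, CSS) need their own
// encoder; reusing this one there is a classic mistake.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: stored values are concatenated straight into the markup that
// every administrator who later opens the user list will receive.
function renderUserListVulnerable(users) {
  const rows = users
    .map(u => `<tr><td>${u.user}</td><td>${u.profileVersion}</td></tr>`)
    .join('');
  return `<table>${rows}</table>`;
}

// Hardened: every untrusted value is encoded for the context it lands in.
function renderUserListSafe(users) {
  const rows = users
    .map(u => `<tr><td>${escapeHtml(u.user)}</td><td>${escapeHtml(u.profileVersion)}</td></tr>`)
    .join('');
  return `<table>${rows}</table>`;
}

// Check helper: does the rendered page contain any tag that the template
// itself did not emit? The template only ever writes table, tr and td.
function containsInjectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some(tag => !/^<\/?(table|tr|td)>$/.test(tag));
}

// Constructed sample data: one benign row and one row whose user field
// carries an event-handler payload of the kind a stored XSS bug accepts.
const SAMPLE_USERS = [
  { user: 'alice', profileVersion: '1.0' },
  { user: '<img src=x onerror=alert(document.cookie)>', profileVersion: '1.1' },
];

// Stand-alone run: show both renderings and the check result.
console.log('vulnerable:', renderUserListVulnerable(SAMPLE_USERS));
console.log('  injected markup present:', containsInjectedMarkup(renderUserListVulnerable(SAMPLE_USERS)));
console.log('hardened:  ', renderUserListSafe(SAMPLE_USERS));
console.log('  injected markup present:', containsInjectedMarkup(renderUserListSafe(SAMPLE_USERS)));
```

The `containsInjectedMarkup` check is the kind of assertion worth keeping in a template's unit tests: it fails the moment someone swaps the encoded interpolation back to a raw one. Note that encoding belongs at output time, per context, rather than at input time; rejecting `<` on the create user form would not protect a page that later writes the same value inside a JavaScript string or an attribute without quotes.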
References for CVE-2013-4372
- http://rhn.redhat.com/errata/RHSA-2013-1862.html
  RHSA-2013:1862 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=1011736
  Bug 1011736 (CVE-2013-4372) Fuse Management Console: Stored cross-site scripting (XSS) [Patch]
- http://www.securityfocus.com/bid/62659
  JBoss Fuse Management Console CVE-2013-4372 Multiple HTML Injection Vulnerabilities
- http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git%3Ba=commitdiff%3Bh=f5436ea1c5547c851bb6f92561272fe42c146e68
  fuseenterprise.git commitdiff f5436ea1c5547c851bb6f92561272fe42c146e68 (the link now resolves to "Free Red Hat Product Downloads | Red Hat Developer", not to the commit)
- https://github.com/jboss-fuse/fuse/commit/e280cb370323eeb759030919d5111ed809e8ded5
  FMC-495 FMC susceptible to cross site scripting issues · jboss-fuse/fuse@e280cb3 · GitHub [Exploit; Patch]
- http://fusesource.com/issues/browse/FMC-495
  [FMC-495] FMC susceptible to cross site scripting issues - JBoss Issue Tracker [Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2013-1286.html
  RHSA-2013:1286 - Security Advisory - Red Hat Customer Portal