QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4372

Published: Sep 30, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

http://fusesource.com/issues/browse/FMC-495

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git%3Ba=commitdiff%3Bh=f5436ea1c5547c851bb6f92561272fe42c146e68

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1011736

x_refsource_CONFIRM

https://github.com/jboss-fuse/fuse/commit/e280cb370323eeb759030919d5111ed809e8ded5

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.