Back to bug 1373344
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jeremy Choi | 2016-09-06 04:27:09 UTC | Blocks | 1373338 | |
| Jeremy Choi | 2016-09-06 04:52:20 UTC | Whiteboard | impact=low,public=20160906,reported=20160906,source=redhat,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected | impact=low,public=20160906,reported=20160906,source=redhat,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected |
| Pavel Polischouk | 2016-10-18 22:03:21 UTC | Whiteboard | impact=low,public=20160906,reported=20160906,source=redhat,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected | impact=low,public=20160906,reported=20160906,source=redhat,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=affected |
| Pavel Polischouk | 2016-10-18 22:03:29 UTC | CC | etirelli, kverlaen | |
| Pavel Polischouk | 2016-12-15 16:08:56 UTC | Whiteboard | impact=low,public=20160906,reported=20160906,source=redhat,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=affected | impact=low,public=20160906,reported=20160906,source=redhat,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected |
| David Gutierrez | 2016-12-30 09:23:28 UTC | Status | NEW | MODIFIED |
| CC | dgutierr | |||
| Pavel Polischouk | 2017-01-12 22:21:19 UTC | Status | MODIFIED | NEW |
| Pavel Polischouk | 2017-01-12 22:39:09 UTC | Doc Text | JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder (usually admins) can store scripts in several editable fields, which are not properly sanitized before showing to other users, including other admins. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Pavel Polischouk | 2017-01-12 22:59:47 UTC | Blocks | 1412839 | |
| Pavel Polischouk | 2017-02-06 19:42:25 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-02-06 14:42:25 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=low,public=20160906,reported=20160906,source=redhat,cvss2=4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N,cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected |
Back to bug 1373344