Multiple cross-site scripting (XSS) flaws were found in the JON administration interface. If a remote attacker could trick a user who was logged into the JON administration interface into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's JON session.
This issue has been resolved in JON 3.0.
This issue has been addressed in the following products:
JBoss Operations Network 2.4.2
Via RHSA-2012:0089 https://rhn.redhat.com/errata/RHSA-2012-0089.html