It was reported that after clicking on a malicious URL, JBoss Operations Network use will be redirected to an error page which will contain the JavaScript from that malicious URL. It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing an attacker to view or alter user records, and to perform transactions as that user. Suggested patch is attached to BZ 1235393.
This issue has been addressed in the following products: Via RHSA-2015:1525 https://rhn.redhat.com/errata/RHSA-2015-1525.html