CVE-2018-10934

medium

Description

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

References

https://security.netapp.com/advisory/ntap-20190611-0002/

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934

https://access.redhat.com/errata/RHSA-2019:1162

https://access.redhat.com/errata/RHSA-2019:1161

https://access.redhat.com/errata/RHSA-2019:1160

https://access.redhat.com/errata/RHSA-2019:1159

Details

Source: Mitre, NVD

Published: 2019-03-27

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium