CVE-2018-10934
Description
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
CWE
- CWE-79
Affected
- Red Hat / wildfly-core — v=7.1.6.CR1 [affected]; v=7.1.6.GA [affected]
CVSS
- 3.0 score=5.4 severity=MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10934 x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2019:1160 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2019:1162 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2019:1159 vendor-advisory, x_refsource_REDHAT
- https://access.redhat.com/errata/RHSA-2019:1161 vendor-advisory, x_refsource_REDHAT
- https://security.netapp.com/advisory/ntap-20190611-0002/ x_refsource_CONFIRM
Source
cvelistV5-main/cves/2018/10xxx/CVE-2018-10934.json