JBoss Application Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-3606 - Vulnerability Database

Medium
Reference: CVE-2011-3606
Title: JBoss Application Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

A DOM-based cross-site scripting flaw was found in the administration console of JBoss Application Server 7 before 7.1.0 Beta 1. A remote attacker could provide a specially crafted web page and trick a valid JBoss AS user with administrator privileges into visiting it, which would lead to modification of the DOM environment and execution of arbitrary HTML or web script.