Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
https://bugzilla.redhat.com/show_bug.cgi?id=1011736
http://www.securityfocus.com/bid/62659
http://rhn.redhat.com/errata/RHSA-2013-1862.html
http://rhn.redhat.com/errata/RHSA-2013-1286.html