CVE-2013-4372

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1011736

http://www.securityfocus.com/bid/62659

http://rhn.redhat.com/errata/RHSA-2013-1862.html

http://rhn.redhat.com/errata/RHSA-2013-1286.html

http://fusesource.com/issues/browse/FMC-495

http://fusesource.com/forge/git/fuseenterprise.git/?p=fuseenterprise.git%3Ba=commitdiff%3Bh=f5436ea1c5547c851bb6f92561272fe42c146e68

Details

Source: Mitre, NVD

Published: 2013-09-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00421