CVE-2011-3606 Vulnerability Details

  /     /     /  

CVE-2011-3606 Metadata Quick Info

CVE Published: 26/11/2019 | CVE Updated: 06/08/2024 | CVE Year: 2011
Source: redhat | Vendor: JBoss Application Server | Product: JBoss Application Server
Status : PUBLISHED

---

CVE-2011-3606 Description

A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Cross-Site Scripting
Source: JBoss Application Server

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).