{"uuid": "d8dbba88-36b4-4d7b-a517-395a1650f7b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2016-5398", "type": "seen", "source": "https://t.me/VulnerabilityNews/380", "content": "JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins.\nPublished at: August 01, 2018 at 04:29PM\nView on website", "creation_timestamp": "2018-08-01T19:18:39.000000Z"}