CVE-2017-2674

Name of the Vulnerable Software and Affected Versions: JBoss BRMS 6 and BPM Suite 6 versions prior to 6.4.3

Description: The issue is related to a stored XSS flaw in Business Central, specifically due to the lack of sanitation of user input when creating new lists. This allows remote, authenticated attackers with list creation privileges to store scripts in lists, which are then displayed to other users, including administrators, without proper sanitization.

Recommendations: For JBoss BRMS 6 and BPM Suite 6 versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue.