CVE-2017-7463

Name of the Vulnerable Software and Affected Versions JBoss BRMS 6 and BPM Suite 6 versions prior to 6.4.3

Description The issue allows for a reflected XSS attack via artifact upload. If a malformed XML file is uploaded, it causes an error message to appear that includes part of the bad XML code without filtering out scripts. This could allow execution of script code within the context of the affected user.

Recommendations For JBoss BRMS 6 and BPM Suite 6 versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the upload of XML files or validating and sanitizing all uploaded files to prevent malicious code execution.