PT-2018-4938 · Red Hat · JBoss BPM Suite

Jeremy Choi · Published 2018-10-31 · Updated 2023-02-12 · CVE-2016-6343

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: JBoss BPM Suite 6

Description: The issue allows remote attackers to perform a reflected XSS attack via dashbuilder. It can be exploited by enticing authenticated users, typically administrators, to click on crafted links to the /dashbuilder/Controller endpoint that carry malicious script. Successful exploitation allows that script to execute in the context of the affected user's session.

Recommendations: For JBoss BPM Suite 6, consider disabling access to the /dashbuilder/Controller endpoint until a fix is available, or restrict access to dashbuilder to minimize the risk of exploitation.
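As an added example (not part of this advisory or of the vendor's code), the following log-triage script checks web-server access logs for the two things this entry implies a defender should watch: requests to /dashbuilder/Controller whose parameters carry markup, and reaches of that endpoint from outside the network the recommended access restriction is meant to enforce. The 10.0.0.0/8 admin range is a hypothetical assumption and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus
from ipaddress import ip_address, ip_network

ENDPOINT = "/dashbuilder/Controller"
# Hypothetical internal range from which dashbuilder use is expected (an assumption).
ALLOWED_NETS = [ip_network("10.0.0.0/8")]
# After decoding, any HTML tag or javascript: URL in a query parameter is notable.
MARKUP = re.compile(r"<\s*/?\s*[a-z]+|javascript:", re.IGNORECASE)
# Common Log Format: client - - [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def triage_line(line):
    """Return the findings for one access-log line (empty list if unremarkable)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    findings = []
    if not any(ip_address(client) in net for net in ALLOWED_NETS):
        findings.append("endpoint reached from outside the allowed range")
    # Decode twice: the link a victim clicks is often percent-encoded more than once.
    decoded = unquote_plus(unquote_plus(parts.query))
    if MARKUP.search(decoded):
        findings.append("markup in query string")
    return findings

def triage(lines):
    # Map line index -> findings for every line that produced any.
    result = {}
    for i, line in enumerate(lines):
        findings = triage_line(line)
        if findings:
            result[i] = findings
    return result

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.1.2.3 - - [31/Oct/2018:10:00:00 +0000] "GET /dashbuilder/Controller?lang=en HTTP/1.1" 200 512',
    '203.0.113.7 - - [31/Oct/2018:10:00:05 +0000] "GET /dashbuilder/Controller?lang=%3Cscript%3E HTTP/1.1" 200 512',
    '10.1.2.3 - - [31/Oct/2018:10:00:09 +0000] "GET /dashbuilder/Controller?q=%253Cscript%253E HTTP/1.1" 200 512',
    '10.1.2.3 - - [31/Oct/2018:10:00:12 +0000] "GET /dashbuilder/index.html HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for idx, found in triage(SAMPLE_LOG).items():
        print(idx, found)
```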

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2016-6343

Affected Products: JBoss BPM Suite