PT-2018-5029 · Red Hat · Bpm Suite 6+1

Pavel Polischouk · Published 2018-08-01 · Updated 2023-02-12 · CVE-2016-8608

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: JBoss BRMS 6 and BPM Suite 6

Description: The issue is a stored XSS flaw in the business process editor, caused by an incomplete fix. Remote, authenticated attackers with privileges to create business processes can store scripts that are not properly sanitized; the scripts are then executed when the process is shown to other users, including administrators.

Recommendations: For JBoss BRMS 6 and BPM Suite 6, consider restricting access to the business process editor to minimize the risk of exploitation until a proper fix is applied. As a temporary workaround, ensure that all scripts created within business processes are manually sanitized before being displayed to other users.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2016-8608

Affected Products: BPM Suite 6, JBoss BRMS 6