vulnerability

Red Hat JBoss EAP: CVE-2016-6347: Cross-site Scripting

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Sep 1, 2016	Sep 19, 2024	Jul 2, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Sep 1, 2016

Added

Sep 19, 2024

Modified

Jul 2, 2025

Description

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.. It was found that the default exception handler in RESTEasy did not properly validate user input. An attacker could use this flaw to launch a relected XSS attack.

Solution

red-hat-jboss-eap-upgrade-latest

References

CWE-79
CVE-2016-6347
https://attackerkb.com/topics/CVE-2016-6347
URL-https://access.redhat.com/security/cve/CVE-2016-6347
URL-https://bugzilla.redhat.com/show_bug.cgi?id=1372124

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today