vulnerability
Red Hat JBoss EAP: CVE-2019-3873: Cross-site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:S/C:N/I:P/A:P) | Jun 10, 2019 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
Published
Jun 10, 2019
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-79
- CVE-2019-3873
- https://attackerkb.com/topics/CVE-2019-3873
- URL-https://access.redhat.com/security/cve/CVE-2019-3873
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1689014
- URL-https://access.redhat.com/errata/RHSA-2019:1419
- URL-https://access.redhat.com/errata/RHSA-2019:1420
- URL-https://access.redhat.com/errata/RHSA-2019:1421
- URL-https://access.redhat.com/errata/RHSA-2019:1424
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.