Moderate: Cross-Site-Scripting in JMX console --------------------------------------------- Key: JBAS-5855 URL: https://jira.jboss.org/jira/browse/JBAS-5855 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Affects Versions: JBossAS-4.2.3.GA, JBossAS-5.0.0.CR1 Reporter: Clive Saldanha Fix For: JBossAS-5.0.0.CR2, JBossAS-4.2.4.GA Marc Schoenefeld "Enter aa"<script>alert(document.cookie)</script>:* into http://127.0.0.1:8080/jmx-console/HtmlAdaptor?action=displayMBeans it will show that arbitrary web script can be inserted" -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira