[MAVEN:GHSA-8VJ9-5V5Q-FHCH] Bonita cross-site scripting vulnerability

Severity Moderate

Affected Packages 2

Fixed Packages 2

CVEs 1

Bonita before 10.1.0.W11 allows stored XSS via a UI screen in the administration panel.

Package	Affected Version
pkg:maven/org.bonitasoft.platform/platform-resources	< 10.1.0.W11
pkg:maven/org.bonitasoft.console/bonita-web-server	< 10.1.0.W11

Package	Fixed Version
pkg:maven/org.bonitasoft.platform/platform-resources	= 10.1.0.W11
pkg:maven/org.bonitasoft.console/bonita-web-server	= 10.1.0.W11

ID: MAVEN:GHSA-8VJ9-5V5Q-FHCH
Severity: moderate
URL: https://github.com/advisories/GHSA-8vj9-5v5q-fhch
Published: 2024-04-01T00:30:43
(3 months ago)
Modified: 2024-04-01T15:52:51
(3 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2024-27609
			https://documentation.bonitasoft.com/bonita/latest/release-notes#_fixes_in_bonita_runtime_including_bonita_applications_2
			https://github.com/bonitasoft/bonita-engine/commit/15dc60a99d97f9407b5089ba26f792cf3bd87f6b
			https://github.com/bonitasoft/bonita-engine/commit/26b24690a80dce11c0a4fa38ea54aeb35ca1e541
			https://github.com/bonitasoft/bonita-engine/commit/2c84ea1a76f7e7f345c334645e46428e9376b0c9
			https://github.com/bonitasoft/bonita-engine/commit/90469adf2b0ebf33f4c65b583f5c96284c8c1086
			https://github.com/advisories/GHSA-8vj9-5v5q-fhch

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.bonitasoft.platform/platform-resources	org.bonitasoft.platform	platform-resources	< 10.1.0.W11
Fixed	pkg:maven/org.bonitasoft.platform/platform-resources	org.bonitasoft.platform	platform-resources	= 10.1.0.W11
Affected	pkg:maven/org.bonitasoft.console/bonita-web-server	org.bonitasoft.console	bonita-web-server	< 10.1.0.W11
Fixed	pkg:maven/org.bonitasoft.console/bonita-web-server	org.bonitasoft.console	bonita-web-server	= 10.1.0.W11

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date