Description
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
Related CPEs
Vulnerable
a · wso2 · api_manager_analytics · 3
a · wso2 · identity_server_analytics · 4
a · wso2 · identity_server_as_key_manager · 5
References
https://github.com/JHHAX/CVE-2020-17453-PoC
Exploit, Third Party Advisory
https://twitter.com/JacksonHHax/status/1374681422678519813
Exploit, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 · Medium
Information
Source identifier
Vulnerability status: Modified
Published: 2021-04-05T22:15:12.633 (4 years ago)
Last modified: 2024-01-11T03:15:08.600 (1 year ago)