Description

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

Related CPE's

a

wso2

api_manager

Vulnerable

a

wso2

api_manager_analytics

3

a

wso2

api_microgateway

2.2.0

Vulnerable

a

wso2

enterprise_integrator

Vulnerable

a

wso2

identity_server

Vulnerable

a

wso2

identity_server_analytics

4

a

wso2

identity_server_as_key_manager

5

a

wso2

micro_integrator

1.0.0

Vulnerable

References

https://github.com/JHHAX/CVE-2020-17453-PoC

ExploitThird Party Advisory

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/

https://twitter.com/JacksonHHax/status/1374681422678519813

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-05T22:15:12.633

4 years ago

Last modified

2024-01-11T03:15:08.600

1 year ago