Description

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

Remediation

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0718

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0718/

Related Vulnerabilities

CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty:jetty-http

CVE-2023-37277 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server

CVE-2014-0230 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2018-17247 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2019-10325 Vulnerability in maven package io.jenkins.plugins:warnings-ng

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory