Description
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0707
https://cybersecurityworks.com/zerodays/cve-2020-14444-wso2.html
Related Vulnerabilities
CVE-2021-20218 Vulnerability in maven package io.fabric8:kubernetes-client
CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-themes
CVE-2023-43123 Vulnerability in maven package org.apache.storm:storm-pmml-examples
CVE-2023-28709 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-41252 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt