Description
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.
Remediation
References
https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711
Related Vulnerabilities
CVE-2017-16165 Vulnerability in npm package calmquist.static-server
CVE-2023-40339 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider
CVE-2020-7712 Vulnerability in npm package json
CVE-2020-13943 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-11988 Vulnerability in maven package org.apache.xmlgraphics:xmlgraphics-commons