Description
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711
https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html
Related Vulnerabilities
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:moment
CVE-2019-1003022 Vulnerability in maven package org.jvnet.hudson.plugins:monitoring
CVE-2022-25758 Vulnerability in npm package scss-tokenizer
CVE-2020-2217 Vulnerability in maven package org.jenkins-ci.plugins:compatibility-action-storage
CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-common-config