Description

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

Remediation

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0718

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0718/

Related Vulnerabilities

CVE-2022-24785 Vulnerability in npm package moment

CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-netty

CVE-2017-2585 Vulnerability in maven package org.keycloak:keycloak-core

CVE-2020-2193 Vulnerability in maven package io.jenkins.plugins:echarts-api

CVE-2020-14359 Vulnerability in maven package org.keycloak:keycloak-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory