Description
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0718
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0718/