Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
2023-12-18T09:15:05.810
2024-11-21T08:44:49.210
Modified
ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSSv3.1: 4.8 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | wso2 | api_manager | 2.2.0 | Yes |
| Application | wso2 | api_manager | 2.5.0 | Yes |
| Application | wso2 | api_manager | 2.6.0 | Yes |
| Application | wso2 | api_manager | 3.0.0 | Yes |
| Application | wso2 | api_manager | 3.1.0 | Yes |
| Application | wso2 | api_manager | 3.2.0 | Yes |
| Application | wso2 | api_manager_analytics | 2.2.0 | Yes |
| Application | wso2 | api_manager_analytics | 2.5.0 | Yes |
| Application | wso2 | api_microgateway | 2.2.0 | Yes |
| Application | wso2 | data_analytics_server | 3.2.0 | Yes |
| Application | wso2 | enterprise_integrator | 6.1.0 | Yes |
| Application | wso2 | enterprise_integrator | 6.1.1 | Yes |
| Application | wso2 | enterprise_integrator | 6.2.0 | Yes |
| Application | wso2 | enterprise_integrator | 6.3.0 | Yes |
| Application | wso2 | enterprise_integrator | 6.4.0 | Yes |
| Application | wso2 | enterprise_integrator | 6.5.0 | Yes |
| Application | wso2 | enterprise_integrator | 6.6.0 | Yes |
| Application | wso2 | identity_server_as_key_manager | 5.5.0 | Yes |
| Application | wso2 | identity_server_as_key_manager | 5.6.0 | Yes |
| Application | wso2 | identity_server_as_key_manager | 5.7.0 | Yes |
| Application | wso2 | identity_server_as_key_manager | 5.9.0 | Yes |
| Application | wso2 | identity_server_as_key_manager | 5.10.0 | Yes |
| Application | wso2 | identity_server | 5.4.0 | Yes |
| Application | wso2 | identity_server | 5.4.1 | Yes |
| Application | wso2 | identity_server | 5.5.0 | Yes |
| Application | wso2 | identity_server | 5.6.0 | Yes |
| Application | wso2 | identity_server | 5.7.0 | Yes |
| Application | wso2 | identity_server | 5.8.0 | Yes |
| Application | wso2 | identity_server | 5.9.0 | Yes |
| Application | wso2 | identity_server | 5.10.0 | Yes |
| Application | wso2 | identity_server_analytics | 5.4.0 | Yes |
| Application | wso2 | identity_server_analytics | 5.4.1 | Yes |
| Application | wso2 | identity_server_analytics | 5.5.0 | Yes |
| Application | wso2 | identity_server_analytics | 5.6.0 | Yes |
| Application | wso2 | message_broker | 3.2.0 | Yes |