CVE-2021-36760
N/A
N/A
Summary
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://docs.wso2.com/display/Security/2021+Advisories
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1314
References
- https://docs.wso2.com/display/Security/2021+Advisories
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1314
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.