CVE-2023-6838
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WSO2 | WSO2 API Manager | 0 < 3.1.0.0 | unknown |
| WSO2 | WSO2 API Manager | 3.1.0.0 < 3.1.0.14 | affected |
| WSO2 | WSO2 API Manager | 3.2.0.0 < 3.2.0.10 | affected |
| WSO2 | WSO2 Identity Server | 0 < 5.10.0.0 | unknown |
| WSO2 | WSO2 Identity Server | 5.10.0.0 < 5.10.0.5 | affected |
| WSO2 | WSO2 IS as Key Manager | 0 < 5.10.0.0 | unknown |
| WSO2 | WSO2 IS as Key Manager | 5.10.0.0 < 5.10.0.5 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.