CVE-2023-6911
4.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WSO2 | WSO2 API Manager | 0 < 2.2.0.0 | unknown |
| WSO2 | WSO2 API Manager | 2.2.0.0 < 2.2.0.1 | affected |
| WSO2 | WSO2 API Manager | 2.5.0.0 < 2.5.0.1 | affected |
| WSO2 | WSO2 API Manager | 2.6.0.0 < 2.6.0.1 | affected |
| WSO2 | WSO2 API Manager | 3.0.0.0 < 3.0.0.1 | affected |
| WSO2 | WSO2 API Manager | 3.1.0.0 < 3.1.0.1 | affected |
| WSO2 | WSO2 API Manager | 3.2.0.0 < 3.2.0.1 | affected |
| WSO2 | WSO2 API Manager Analytics | 0 < 2.2.0.0 | unknown |
| WSO2 | WSO2 API Manager Analytics | 2.2.0.0 < 2.2.0.1 | affected |
| WSO2 | WSO2 API Manager Analytics | 2.5.0.0 < 2.5.0.1 | affected |
| WSO2 | WSO2 API Microgateway | 0 < 2.2.0.0 | unknown |
| WSO2 | WSO2 API Microgateway | 2.2.0.0 < 2.2.0.1 | affected |
| WSO2 | WSO2 Data Analytics Server | 0 < 3.2.0.0 | unknown |
| WSO2 | WSO2 Data Analytics Server | 3.2.0.0 < 3.2.0.1 | affected |
| WSO2 | WSO2 Enterprise Integrator | 0 < 6.1.0.0 | unknown |
| WSO2 | WSO2 Enterprise Integrator | 6.1.0.0 < 6.1.0.9 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.1.1.0 < 6.1.1.9 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.2.0.0 < 6.2.0.7 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.3.0.0 < 6.3.0.1 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.4.0.0 < 6.4.0.1 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.5.0.0 < 6.5.0.6 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.6.0.0 < 6.6.0.11 | affected |
| WSO2 | WSO2 IS as Key Manager | 0 < 5.5.0.0 | unknown |
| WSO2 | WSO2 IS as Key Manager | 5.5.0.0 < 5.5.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 5.6.0.0 < 5.6.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 5.7.0.0 < 5.7.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 5.9.0.0 < 5.9.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 5.10.0.0 < 5.10.0.1 | affected |
| WSO2 | WSO2 Identity Server | 0 < 5.4.0.0 | unknown |
| WSO2 | WSO2 Identity Server | 5.4.0.0 < 5.4.0.4 | affected |
| WSO2 | WSO2 Identity Server | 5.4.1.0 < 5.4.1.3 | affected |
| WSO2 | WSO2 Identity Server | 5.5.0.0 < 5.5.0.1 | affected |
| WSO2 | WSO2 Identity Server | 5.6.0.0 < 5.6.0.1 | affected |
| WSO2 | WSO2 Identity Server | 5.7.0.0 < 5.7.0.1 | affected |
| WSO2 | WSO2 Identity Server | 5.8.0.0 < 5.8.0.5 | affected |
| WSO2 | WSO2 Identity Server | 5.9.0.0 < 5.9.0.1 | affected |
| WSO2 | WSO2 Identity Server | 5.10.0.0 < 5.10.0.1 | affected |
| WSO2 | WSO2 Identity Server Analytics | 0 < 5.4.0.0 | unknown |
| WSO2 | WSO2 Identity Server Analytics | 5.4.0.0 < 5.4.0.2 | affected |
| WSO2 | WSO2 Identity Server Analytics | 5.4.1.0 < 5.4.1.2 | affected |
| WSO2 | WSO2 Identity Server Analytics | 5.5.0.0 < 5.5.0.1 | affected |
| WSO2 | WSO2 Identity Server Analytics | 5.6.0.0 < 5.6.0.1 | affected |
| WSO2 | WSO2 Message Broker | 0 < 3.2.0.0 | unknown |
| WSO2 | WSO2 Message Broker | 3.2.0.0 < 3.2.0.3 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.