CVE-2023-6911

Summary

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

Affected Software

VendorProductVersion RangeStatus
WSO2WSO2 API Manager0 < 2.2.0.0unknown
WSO2WSO2 API Manager2.2.0.0 < 2.2.0.1affected
WSO2WSO2 API Manager2.5.0.0 < 2.5.0.1affected
WSO2WSO2 API Manager2.6.0.0 < 2.6.0.1affected
WSO2WSO2 API Manager3.0.0.0 < 3.0.0.1affected
WSO2WSO2 API Manager3.1.0.0 < 3.1.0.1affected
WSO2WSO2 API Manager3.2.0.0 < 3.2.0.1affected
WSO2WSO2 API Manager Analytics0 < 2.2.0.0unknown
WSO2WSO2 API Manager Analytics2.2.0.0 < 2.2.0.1affected
WSO2WSO2 API Manager Analytics2.5.0.0 < 2.5.0.1affected
WSO2WSO2 API Microgateway0 < 2.2.0.0unknown
WSO2WSO2 API Microgateway2.2.0.0 < 2.2.0.1affected
WSO2WSO2 Data Analytics Server0 < 3.2.0.0unknown
WSO2WSO2 Data Analytics Server3.2.0.0 < 3.2.0.1affected
WSO2WSO2 Enterprise Integrator0 < 6.1.0.0unknown
WSO2WSO2 Enterprise Integrator6.1.0.0 < 6.1.0.9affected
WSO2WSO2 Enterprise Integrator6.1.1.0 < 6.1.1.9affected
WSO2WSO2 Enterprise Integrator6.2.0.0 < 6.2.0.7affected
WSO2WSO2 Enterprise Integrator6.3.0.0 < 6.3.0.1affected
WSO2WSO2 Enterprise Integrator6.4.0.0 < 6.4.0.1affected
WSO2WSO2 Enterprise Integrator6.5.0.0 < 6.5.0.6affected
WSO2WSO2 Enterprise Integrator6.6.0.0 < 6.6.0.11affected
WSO2WSO2 IS as Key Manager0 < 5.5.0.0unknown
WSO2WSO2 IS as Key Manager5.5.0.0 < 5.5.0.1affected
WSO2WSO2 IS as Key Manager5.6.0.0 < 5.6.0.1affected
WSO2WSO2 IS as Key Manager5.7.0.0 < 5.7.0.1affected
WSO2WSO2 IS as Key Manager5.9.0.0 < 5.9.0.1affected
WSO2WSO2 IS as Key Manager5.10.0.0 < 5.10.0.1affected
WSO2WSO2 Identity Server0 < 5.4.0.0unknown
WSO2WSO2 Identity Server5.4.0.0 < 5.4.0.4affected
WSO2WSO2 Identity Server5.4.1.0 < 5.4.1.3affected
WSO2WSO2 Identity Server5.5.0.0 < 5.5.0.1affected
WSO2WSO2 Identity Server5.6.0.0 < 5.6.0.1affected
WSO2WSO2 Identity Server5.7.0.0 < 5.7.0.1affected
WSO2WSO2 Identity Server5.8.0.0 < 5.8.0.5affected
WSO2WSO2 Identity Server5.9.0.0 < 5.9.0.1affected
WSO2WSO2 Identity Server5.10.0.0 < 5.10.0.1affected
WSO2WSO2 Identity Server Analytics0 < 5.4.0.0unknown
WSO2WSO2 Identity Server Analytics5.4.0.0 < 5.4.0.2affected
WSO2WSO2 Identity Server Analytics5.4.1.0 < 5.4.1.2affected
WSO2WSO2 Identity Server Analytics5.5.0.0 < 5.5.0.1affected
WSO2WSO2 Identity Server Analytics5.6.0.0 < 5.6.0.1affected
WSO2WSO2 Message Broker0 < 3.2.0.0unknown
WSO2WSO2 Message Broker3.2.0.0 < 3.2.0.3affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References