WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
References
Link | Resource |
---|---|
https://github.com/JHHAX/CVE-2020-17453-PoC | Exploit Third Party Advisory |
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/ | |
https://twitter.com/JacksonHHax/status/1374681422678519813 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Apr 2021, 20:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:micro_integrator:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager_analytics:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:* |
|
References | (MISC) https://twitter.com/JacksonHHax/status/1374681422678519813 - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/JHHAX/CVE-2020-17453-PoC - Exploit, Third Party Advisory | |
References | (MISC) https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
CWE | CWE-79 |
05 Apr 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-05 22:15
Updated : 2024-01-11 03:15
NVD link : CVE-2020-17453
Mitre link : CVE-2020-17453
CVE.ORG link : CVE-2020-17453
JSON object : View
Products Affected
wso2
- api_manager_analytics
- identity_server_analytics
- micro_integrator
- enterprise_integrator
- identity_server_as_key_manager
- api_manager
- api_microgateway
- identity_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')