A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603 | Vendor Advisory |
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1603/ |
History
03 Nov 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
02 Dec 2022, 22:41
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry |
27 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
02 May 2022, 18:08
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603 - Vendor Advisory | |
First Time | Wso2 api Manager Analytics, Wso2 identity Server As Key Manager, Wso2 enterprise Integrator, Wso2 micro Integrator, Wso2 data Analytics Server, Wso2, Wso2 api Manager, Wso2 identity Server, Wso2 identity Server Analytics, Wso2 api Microgateway |
CVSS | v2 : v3 : | v2 : 4.3 v3 : 6.1 |
CWE | CWE-79 | |
CPE | cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:enterprise_integrator:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:micro_integrator:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:data_analytics_server:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager_analytics:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:enterprise_integrator:6.5.0:*:*:*:*:*:*:* |
21 Apr 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-21 02:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29548
Mitre link : CVE-2022-29548
CVE.ORG link : CVE-2022-29548
Products Affected
wso2
- api_manager_analytics
- identity_server_analytics
- micro_integrator
- enterprise_integrator
- identity_server_as_key_manager
- api_manager
- api_microgateway
- identity_server
- data_analytics_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')