Description
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- WSO2 / WSO2 API Manager0 – 3.1.0.0
- WSO2 / WSO2 API Manager3.1.0.0 – 3.1.0.14
- WSO2 / WSO2 API Manager3.2.0.0 – 3.2.0.10
- WSO2 / WSO2 Identity Server0 – 5.10.0.0
- WSO2 / WSO2 Identity Server5.10.0.0 – 5.10.0.5
- WSO2 / WSO2 IS as Key Manager0 – 5.10.0.0
- WSO2 / WSO2 IS as Key Manager5.10.0.0 – 5.10.0.5