CVE-2023-6911

MEDIUM4.8Cross-site scripting

Description

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

WSO2 / WSO2 API Manager0 – 2.2.0.0
WSO2 / WSO2 API Manager2.2.0.0 – 2.2.0.1
WSO2 / WSO2 API Manager2.5.0.0 – 2.5.0.1
WSO2 / WSO2 API Manager2.6.0.0 – 2.6.0.1
WSO2 / WSO2 API Manager3.0.0.0 – 3.0.0.1
WSO2 / WSO2 API Manager3.1.0.0 – 3.1.0.1
WSO2 / WSO2 API Manager3.2.0.0 – 3.2.0.1
WSO2 / WSO2 API Manager Analytics0 – 2.2.0.0
WSO2 / WSO2 API Manager Analytics2.2.0.0 – 2.2.0.1
WSO2 / WSO2 API Manager Analytics2.5.0.0 – 2.5.0.1
WSO2 / WSO2 API Microgateway0 – 2.2.0.0
WSO2 / WSO2 API Microgateway2.2.0.0 – 2.2.0.1
WSO2 / WSO2 Data Analytics Server0 – 3.2.0.0
WSO2 / WSO2 Data Analytics Server3.2.0.0 – 3.2.0.1
WSO2 / WSO2 Enterprise Integrator0 – 6.1.0.0
WSO2 / WSO2 Enterprise Integrator6.1.0.0 – 6.1.0.9
WSO2 / WSO2 Enterprise Integrator6.1.1.0 – 6.1.1.9
WSO2 / WSO2 Enterprise Integrator6.2.0.0 – 6.2.0.7
WSO2 / WSO2 Enterprise Integrator6.3.0.0 – 6.3.0.1
WSO2 / WSO2 Enterprise Integrator6.4.0.0 – 6.4.0.1
WSO2 / WSO2 Enterprise Integrator6.5.0.0 – 6.5.0.6
WSO2 / WSO2 Enterprise Integrator6.6.0.0 – 6.6.0.11
WSO2 / WSO2 Identity Server5.4.1.0 – 5.4.1.3
WSO2 / WSO2 Identity Server5.10.0.0 – 5.10.0.1
WSO2 / WSO2 Identity Server5.9.0.0 – 5.9.0.1
WSO2 / WSO2 Identity Server5.8.0.0 – 5.8.0.5
WSO2 / WSO2 Identity Server5.7.0.0 – 5.7.0.1
WSO2 / WSO2 Identity Server5.6.0.0 – 5.6.0.1
WSO2 / WSO2 Identity Server0 – 5.4.0.0
WSO2 / WSO2 Identity Server5.4.0.0 – 5.4.0.4
WSO2 / WSO2 Identity Server5.5.0.0 – 5.5.0.1
WSO2 / WSO2 Identity Server Analytics5.4.0.0 – 5.4.0.2
WSO2 / WSO2 Identity Server Analytics0 – 5.4.0.0
WSO2 / WSO2 Identity Server Analytics5.4.1.0 – 5.4.1.2
WSO2 / WSO2 Identity Server Analytics5.5.0.0 – 5.5.0.1
WSO2 / WSO2 Identity Server Analytics5.6.0.0 – 5.6.0.1
WSO2 / WSO2 IS as Key Manager5.6.0.0 – 5.6.0.1
WSO2 / WSO2 IS as Key Manager5.7.0.0 – 5.7.0.1
WSO2 / WSO2 IS as Key Manager5.5.0.0 – 5.5.0.1
WSO2 / WSO2 IS as Key Manager0 – 5.5.0.0
WSO2 / WSO2 IS as Key Manager5.10.0.0 – 5.10.0.1
WSO2 / WSO2 IS as Key Manager5.9.0.0 – 5.9.0.1
WSO2 / WSO2 Message Broker0 – 3.2.0.0
WSO2 / WSO2 Message Broker3.2.0.0 – 3.2.0.3

References

VENDOR_ADVISORYhttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/