Vulnerability Description
Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wso2 | Enablement Server For Java | <= 6.6-20090827-1616 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/137073/WSO2-SOA-Enablement-Server-Cross-SitExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/538413/100/0/threaded
- http://www.securityfocus.com/bid/85893Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/137073/WSO2-SOA-Enablement-Server-Cross-SitExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/538413/100/0/threaded
- http://www.securityfocus.com/bid/85893Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-4327?
CVE-2016-4327 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_...
How severe is CVE-2016-4327?
CVE-2016-4327 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4327?
Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Enablement Server For Java.