MEDIUM · 4.8

CVE-2017-14651

Vulnerability Description

WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

CVSS Score

4.8 (MEDIUM)

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

| Metric | Value |
| --- | --- |
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | HIGH |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality | LOW |
| Integrity | LOW |
| Availability | NONE |

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Wso2 | Api Manager | 2.1.0 |
| Wso2 | App Manager | 1.2.0 |
| Wso2 | Application Server | 5.3.0 |
| Wso2 | Business Process Server | 3.6.0 |
| Wso2 | Business Rules Server | 2.2.0 |
| Wso2 | Complex Event Processor | 4.2.0 |
| Wso2 | Dashboard Server | 2.0.0 |
| Wso2 | Data Analytics Server | 3.1.0 |
| Wso2 | Data Services Server | 3.5.1 |
| Wso2 | Enterprise Integrator | 6.1.1 |
| Wso2 | Enterprise Mobility Manager | 2.2.0 |
| Wso2 | Governance Registry | 5.4.0 |
| Wso2 | Identity Server | 5.3.0 |
| Wso2 | Iot Server | 3.0.0 |
| Wso2 | Machine Learner | 1.2.0 |
| Wso2 | Message Broker | 3.2.0 |
| Wso2 | Storage Server | 1.5.0 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-14651?

CVE-2017-14651 is a vulnerability with a CVSS score of 4.8 (MEDIUM). WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.

How severe is CVE-2017-14651?

CVE-2017-14651 is rated MEDIUM, with a CVSS base score of 4.8 out of 10. See the CVSS metrics above for the detailed severity breakdown.

Is there a patch for CVE-2017-14651?

Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager, Wso2 App Manager, Wso2 Application Server, Wso2 Business Process Server, Wso2 Business Rules Server.