Vulnerability Description
WSO2 Management Console through 5.10 allows reflected cross-site scripting (XSS) via the msgId parameter of carbon/admin/login.jsp. The parameter value is written into the login page without output encoding, so a crafted link executes attacker-controlled script in the browser of any user who opens it; the login page needs no authentication, so no privileges are required to reach it.
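The defect is the standard reflected-XSS pattern: a request parameter concatenated into HTML with no output encoding. The following Python is an added illustration written for this page, not WSO2 code (Carbon's login.jsp is JSP, but the logic is language-independent): a renderer that reflects msgId raw the way the advisory describes, a hardened renderer that allow-lists the identifier and HTML-encodes whatever it finally writes, and the response check a tester uses to confirm whether a parameter comes back unencoded. The message catalogue, the identifier pattern and the probe string are constructed here and are not taken from the product.

```python
import html
import re
from typing import Optional

# Constructed message catalogue for illustration only; the real WSO2 Carbon
# resource keys are not on this page and are not reproduced here.
MESSAGES = {
    "login.fail.message": "Login failed. Please recheck the username and password.",
    "token.invalid": "The token <id> was not recognised.",
}

# Hypothetical allow-list for a message identifier: letters, digits, dot, dash, underscore.
ID_PATTERN = re.compile(r"[A-Za-z0-9._-]{1,64}")

# Probe containing every character that matters in an HTML body or attribute context.
PROBE = 'x"\'<probe>'


def render_vulnerable(msg_id: Optional[str]) -> str:
    """Reflect the raw parameter into the page: the pattern the CVE describes.
    Whatever the attacker puts in msgId lands verbatim inside the HTML body."""
    if msg_id is None:
        return '<div class="msg"></div>'
    return f'<div class="msg">{msg_id}</div>'


def render_hardened(msg_id: Optional[str]) -> str:
    """Two layers: reject identifiers that are not well-formed, then HTML-encode
    the text that is actually written into the page (defence in depth even for
    catalogue strings, which may legitimately contain < or &)."""
    if msg_id is None or not ID_PATTERN.fullmatch(msg_id):
        return '<div class="msg"></div>'        # refuse to reflect; do not try to "clean" it
    text = MESSAGES.get(msg_id, "")             # well-formed but unknown IDs render nothing
    return f'<div class="msg">{html.escape(text, quote=True)}</div>'


def reflects_unescaped(body: str, probe: str) -> bool:
    """Response check a tester runs against a captured page: did the probe come
    back byte-for-byte, metacharacters included? Correct encoding turns
    < " ' into entities, so the literal probe can no longer be found."""
    return probe in body


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        body = render(PROBE)
        print(f"{name}: reflected unescaped = {reflects_unescaped(body, PROBE)}  {body!r}")
```

The allow-list is the real fix for a parameter that is only ever a lookup key: a message identifier has no business containing markup, so rejecting malformed values removes the injection point entirely; encoding on output is kept so that a future catalogue entry with special characters still renders safely.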
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Read as: reachable over the network, low attack complexity, no privileges required (the login page is unauthenticated), user interaction required (the victim must open the crafted link), scope changed (the script runs in the victim's browser, not on the server), low confidentiality and integrity impact, no availability impact.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| WSO2 | API Manager | <= 3.2.0 |
| WSO2 | API Manager Analytics | 2.2.0 |
| WSO2 | API Microgateway | 2.2.0 |
| WSO2 | Enterprise Integrator | <= 6.6.0 |
| WSO2 | Identity Server | <= 5.10.0 |
| WSO2 | Identity Server Analytics | 5.4.0 |
| WSO2 | Identity Server as Key Manager | 5.5.0 |
| WSO2 | Micro Integrator | 1.0.0 |
Related Weaknesses (CWE)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References
- https://github.com/JHHAX/CVE-2020-17453-PoC (Exploit, Third Party Advisory)
- https://security.docs.wso2.com/en/latest/security-announcements/security-advisor
- https://twitter.com/JacksonHHax/status/1374681422678519813 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-17453?
CVE-2020-17453 is a reflected cross-site scripting (XSS) vulnerability with a CVSS score of 6.1 (MEDIUM). WSO2 Management Console through 5.10 reflects the msgId parameter of carbon/admin/login.jsp into the login page without output encoding, so a crafted link runs attacker-supplied script in the browser of a user who opens it.
How severe is CVE-2020-17453?
CVE-2020-17453 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-17453?
The WSO2 security announcements page listed under References is the vendor source for fix information. Affected products are listed in the Affected Products table above: WSO2 API Manager, API Manager Analytics, API Microgateway, Enterprise Integrator, Identity Server, Identity Server Analytics, Identity Server as Key Manager and Micro Integrator, in the versions given there.