1. Home
  2. CVE Database
  3. CVE-2020-24704
MEDIUM · 6.1

CVE-2020-24704

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0...

Vulnerability Description

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Wso2Api Manager2.2.0
Wso2Api Manager Analytics2.2.0
Wso2Api Microgateway2.2.0
Wso2Data Analytics Server3.2.0
Wso2Enterprise Integrator<= 6.6.0
Wso2Identity Server5.5.0
Wso2Identity Server Analytics5.5.0
Wso2Identity Server As Key Manager5.5.0
Wso2Iot Server3.3.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2020-24704?

CVE-2020-24704 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0...

How severe is CVE-2020-24704?

CVE-2020-24704 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24704?

Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager, Wso2 Api Manager Analytics, Wso2 Api Microgateway, Wso2 Data Analytics Server, Wso2 Enterprise Integrator.