Vulnerability Description
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wso2 | Api Manager | < 4.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/adilkhan7/CVE-2023-31664ExploitThird Party Advisory
- https://github.com/wso2/api-manager/issues?q=is%3Aissue+is%3Aclosed+label%3ACompIssue Tracking
- https://github.com/wso2/product-apim/releases/tag/v4.2.0Release Notes
- https://github.com/adilkhan7/CVE-2023-31664ExploitThird Party Advisory
- https://github.com/wso2/api-manager/issues?q=is%3Aissue+is%3Aclosed+label%3ACompIssue Tracking
- https://github.com/wso2/product-apim/releases/tag/v4.2.0Release Notes
FAQ
What is CVE-2023-31664?
CVE-2023-31664 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payloa...
How severe is CVE-2023-31664?
CVE-2023-31664 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31664?
Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager.