CVE-2023-6911 — MEDIUM (4.8)

Vulnerability Description

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wso2	Api Manager	2.2.0
Wso2	Api Manager Analytics	2.2.0
Wso2	Api Microgateway	2.2.0
Wso2	Data Analytics Server	3.2.0
Wso2	Enterprise Integrator	6.1.0
Wso2	Identity Server As Key Manager	5.5.0
Wso2	Identity Server	5.4.0
Wso2	Identity Server Analytics	5.4.0
Wso2	Message Broker	3.2.0

Related Weaknesses (CWE)

CWE-79

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisorVendor Advisory
https://security.docs.wso2.com/en/latest/security-announcements/security-advisorVendor Advisory

FAQ

What is CVE-2023-6911?

CVE-2023-6911 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload in...

How severe is CVE-2023-6911?

CVE-2023-6911 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-6911?

Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager, Wso2 Api Manager Analytics, Wso2 Api Microgateway, Wso2 Data Analytics Server, Wso2 Enterprise Integrator.