PT-2017-13810 · Wso2 · Wso2 Data Services Server+7

Published: 2017-10-03 · Updated: 2017-10-23 · CVE-2017-14995

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WSO2 Application Server version 5.3.0
WSO2 Business Process Server version 3.6.0
WSO2 Business Rules Server version 2.2.0
WSO2 Complex Event Processor version 4.2.0
WSO2 Dashboard Server version 2.0.0
WSO2 Data Analytics Server version 3.1.0
WSO2 Data Services Server version 3.5.1
WSO2 Machine Learner version 1.2.0

Description

The Management Console in the listed WSO2 products is affected by a stored XSS issue. An attacker could inject malicious script into the console, where it is stored and later executed in the browser of a user who opens the affected page.

Recommendations

For each affected product and version listed above, update to a version that includes a fix for the stored XSS issue in the Management Console.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-14995

Affected Products

Wso2 Application Server
Wso2 Business Process Server
Wso2 Business Rules Server
Wso2 Complex Event Processor
Wso2 Dashboard Server
Wso2 Data Analytics Server
Wso2 Data Services Server
Wso2 Machine Learner