PT-2020-10453 · WSO2 · WSO2 Enterprise Integrator +3

Sathish Kumar Balakrishnan · Published 2020-01-27 · Updated 2020-11-10 · CVE-2019-20442

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

WSO2 API Manager version 2.6.0
WSO2 Enterprise Integrator version 6.5.0
WSO2 IS as Key Manager version 5.7.0
WSO2 Identity Server version 5.8.0

Description

A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the roleToAuthorize component of the registry UI. This issue affects the specified WSO2 products, potentially allowing for malicious script execution.

Recommendations

For WSO2 API Manager version 2.6.0, update to a version that includes a fix for the stored Cross-Site Scripting vulnerability.
For WSO2 Enterprise Integrator version 6.5.0, update to a version that includes a fix for the stored Cross-Site Scripting vulnerability.
For WSO2 IS as Key Manager version 5.7.0, update to a version that includes a fix for the stored Cross-Site Scripting vulnerability.
For WSO2 Identity Server version 5.8.0, update to a version that includes a fix for the stored Cross-Site Scripting vulnerability.

As a temporary workaround, consider restricting access to the registry UI to minimize the risk of exploitation.
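The description above names a stored XSS in the roleToAuthorize component of the registry UI but does not show the mechanism. The JavaScript below is an added example, not code from WSO2 or from this advisory: it models a hypothetical role table in which a stored role name is written back into HTML, shows the unencoded rendering beside the context-encoded one, and adds an allowlist check at write time as a second layer. All function names, the markup and the sample role names are constructed assumptions.

```javascript
// Added example, not code from WSO2 or from the advisory. It shows the pattern
// behind a stored XSS in a registry UI: a role name is saved once, then written
// into HTML on every later page view without encoding. Names here are
// hypothetical; WSO2's real registry UI code is not reproduced.

// Constructed sample of role names as they might be read back from storage.
// The last one is a script tag, the kind of stored value an XSS finding is about.
const STORED_ROLES = [
  "admin",
  "Internal/everyone",
  "<script>alert('xss')</script>",
];

// Encoder for the HTML body and double-quoted attribute contexts. Every
// character that can terminate an element, attribute or entity is replaced.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Allowlist applied when a role is created or renamed (hypothetical rule):
// letters, digits, space, and the separators seen in WSO2-style role names.
// Write-time validation is the first layer; it does not replace output encoding.
function isValidRoleName(name) {
  return /^[A-Za-z0-9 _.\-\/]{1,64}$/.test(name);
}

// Unsafe rendering (the "before"): the stored value is spliced into markup
// verbatim, both as visible text and as the roleToAuthorize form value.
function renderUnsafe(role) {
  return `<tr><td>${role}</td>` +
         `<td><input name="roleToAuthorize" value="${role}"></td></tr>`;
}

// Hardened rendering: the same markup, but the untrusted value is encoded for
// each context it lands in. The browser displays the text; nothing executes.
function renderSafe(role) {
  const enc = escapeHtml(role);
  return `<tr><td>${enc}</td>` +
         `<td><input name="roleToAuthorize" value="${enc}"></td></tr>`;
}

// Coarse review helper: does rendered output still contain a raw script tag or
// an inline event handler? Useful as a unit-test oracle for templates, not as
// a runtime filter.
function containsRawMarkup(html) {
  return /<script\b|\bon[a-z]+\s*=/i.test(html);
}

// Renders a whole table either way so the difference is visible side by side.
function renderRoleTable(roles, safe) {
  const render = safe ? renderSafe : renderUnsafe;
  return `<table>${roles.map(render).join("")}</table>`;
}

// Stand-alone demonstration.
function demo() {
  const unsafe = renderRoleTable(STORED_ROLES, false);
  const safe = renderRoleTable(STORED_ROLES, true);
  console.log("unsafe output contains raw markup:", containsRawMarkup(unsafe));
  console.log("safe output contains raw markup:  ", containsRawMarkup(safe));
  console.log("names the allowlist would reject at write time:",
    STORED_ROLES.filter((r) => !isValidRoleName(r)));
  console.log(safe);
}
demo();
```

The two layers are deliberately independent: the allowlist stops most bad values from ever being stored, but records written before the rule existed, or through another interface, still reach the page, so the template encodes on every read regardless. A unit test that runs `containsRawMarkup` over rendered output is a cheap regression check for templates that handle stored user-controlled values.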

Tags: Exploit, Fix, XSS


Related Identifiers

CVE-2019-20442

Affected Products

WSO2 API Manager
WSO2 Enterprise Integrator
WSO2 IS as Key Manager
WSO2 Identity Server