PT-2020-14005 · Wso2 · Wso2 Is As Key Manager+1
Published
2020-06-18
·
Updated
2022-11-16
·
CVE-2020-14445
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WSO2 Identity Server versions through 5.9.0
WSO2 IS as Key Manager versions through 5.9.0
Description
A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. This issue affects the Management Console's Basic Policy Editor, potentially allowing for reflected cross-site scripting attacks.
Recommendations
For WSO2 Identity Server versions through 5.9.0, consider disabling access to the Management Console Basic Policy Editor until a fix is available.
For WSO2 IS as Key Manager versions through 5.9.0, restrict access to the Management Console Basic Policy Editor to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wso2 Is As Key Manager
Wso2 Identity Server