CVE-2020-24704

Name of the Vulnerable Software and Affected Versions WSO2 API Manager versions 2.2.0 WSO2 API Manager Analytics versions 2.2.0 WSO2 API Microgateway versions 2.2.0 WSO2 Data Analytics Server versions 3.2.0 WSO2 Enterprise Integrator versions through 6.6.0 WSO2 IS as Key Manager versions 5.5.0 WSO2 Identity Server versions 5.5.0 and 5.8.0 WSO2 Identity Server Analytics versions 5.5.0 WSO2 IoT Server versions 3.3.0 and 3.3.1

Description An issue was discovered in certain WSO2 products, where the Try It tool allows Reflected XSS.

Recommendations For WSO2 API Manager version 2.2.0, consider disabling the Try It tool until a patch is available. For WSO2 API Manager Analytics version 2.2.0, consider disabling the Try It tool until a patch is available. For WSO2 API Microgateway version 2.2.0, consider disabling the Try It tool until a patch is available. For WSO2 Data Analytics Server version 3.2.0, consider disabling the Try It tool until a patch is available. For WSO2 Enterprise Integrator versions through 6.6.0, consider disabling the Try It tool until a patch is available. For WSO2 IS as Key Manager version 5.5.0, consider disabling the Try It tool until a patch is available. For WSO2 Identity Server versions 5.5.0 and 5.8.0, consider disabling the Try It tool until a patch is available. For WSO2 Identity Server Analytics version 5.5.0, consider disabling the Try It tool until a patch is available. For WSO2 IoT Server versions 3.3.0 and 3.3.1, consider disabling the Try It tool until a patch is available.