PT-2020-15817 · Wso2 · Wso2 Identity Server Analytics+5
Published
2020-08-27
·
Updated
2024-01-09
·
CVE-2020-24706
CVSS v3.1
6.1
Medium
| Vector | AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R |
Name of the Vulnerable Software and Affected Versions
WSO2 API Manager versions through 3.1.0
WSO2 API Manager Analytics version 2.5.0
WSO2 IS as Key Manager versions through 5.10.0
WSO2 Identity Server versions through 5.10.0
WSO2 Identity Server Analytics versions through 5.6.0
WSO2 IoT Server version 3.1.0
Description
An issue was discovered in certain WSO2 products, where the Try It tool allows Reflected XSS.
Recommendations
For WSO2 API Manager versions through 3.1.0, update to a version later than 3.1.0 to resolve the issue.
For WSO2 API Manager Analytics version 2.5.0, update to a version later than 2.5.0 to resolve the issue.
For WSO2 IS as Key Manager versions through 5.10.0, update to a version later than 5.10.0 to resolve the issue.
For WSO2 Identity Server versions through 5.10.0, update to a version later than 5.10.0 to resolve the issue.
For WSO2 Identity Server Analytics versions through 5.6.0, update to a version later than 5.6.0 to resolve the issue.
For WSO2 IoT Server version 3.1.0, update to a version later than 3.1.0 to resolve the issue.
As a temporary workaround, consider disabling the Try It tool until a patch is available.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wso2 Api Manager
Wso2 Api Manager Analytics
Wso2 Is As Key Manager
Wso2 Identity Server
Wso2 Identity Server Analytics
Wso2 Iot Server