CVE-2020-17453

Name of the Vulnerable Software and Affected Versions: WSO2 Management Console versions through 5.10

Description: The issue allows for cross-site scripting (XSS) attacks via the msgId parameter in the carbon/admin/login.jsp page. This can potentially lead to privilege escalation. There have been reports of this issue being exploited in real-world attacks to gain super admin privileges.

Recommendations: For WSO2 Management Console versions through 5.10, consider disabling access to the carbon/admin/login.jsp page until a patch is available. As a temporary workaround, restrict the use of the msgId parameter in this page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.