CVE-2022-39809

Name of the Vulnerable Software and Affected Versions WSO2 Enterprise Integrator version 6.4.0

Description A Reflected Cross-Site Scripting (XSS) issue has been identified in the Management Console under "/carbon/mediation secure vault/properties/ajaxprocessor.jsp" via the name parameter. This issue does not allow for session hijacking or similar attacks.

Recommendations For WSO2 Enterprise Integrator version 6.4.0, consider disabling access to the "/carbon/mediation secure vault/properties/ajaxprocessor.jsp" endpoint until a patch is available. Additionally, restrict the use of the name parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.