PT-2022-27428 · WSO2 · WSO2 carbon-registry

Published

2022-12-15

·

Updated

2022-12-20

·

CVE-2022-4520

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WSO2 carbon-registry versions up to 4.8.11

Description

A cross-site scripting vulnerability was found in the Advanced Search component of WSO2 carbon-registry, in the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp. The request parameters mediaType, rightOp, leftOp, rightPropertyValue and leftPropertyValue are written into the response without proper neutralization, so an attacker who gets a user of the management console to open a crafted request can run script in that user's browser session. The attack can be launched remotely but needs the victim's interaction (UI:R in the vector); the scope change (S:C) reflects that the script executes in the victim's browser rather than in the vulnerable server. Version 4.8.12 fixes the issue.

Recommendations

For WSO2 carbon-registry versions up to 4.8.11, upgrade to version 4.8.12. Until the upgrade is applied, restrict access to the Advanced Search component (for example, by limiting who can reach the management console at the network level). Note that the five affected parameters are supplied by the attacker's crafted request, not by the victim's normal use of the form, so there is no user-side practice of "avoiding" them that mitigates the issue.
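Added example, not code from WSO2 or from this advisory: a small Python probe that checks whether a deployment still reflects the five parameters named above without encoding, usable both to confirm exposure before the upgrade and to confirm the fix afterwards. It sends a distinct marker in each parameter and classifies each as reflected raw (exploitable), reflected encoded (the dangerous characters became entities), or not reflected. The function names (`make_marker`, `classify_reflection`, `probe`), the URL path `/carbon/search/advancedSearchForm-ajaxprocessor.jsp` and the response fragments are assumptions constructed for the example; the advisory only names the source file and the parameters.

```python
"""Reflection probe for the five request parameters named in CVE-2022-4520.

Added example, not code from WSO2 or from the advisory. It sends a distinct
marker in each parameter and classifies whether the response reflects the
marker verbatim (unencoded, i.e. exploitable), in an HTML-encoded form, or
not at all.
"""
import ssl
import urllib.parse
import urllib.request

# Parameter names as listed in the advisory.
AFFECTED_PARAMS = ("mediaType", "rightOp", "leftOp",
                   "rightPropertyValue", "leftPropertyValue")

# ASSUMPTION: the advisory gives only the source path under
# components/registry/...; the URL under which a running Carbon console
# serves this JSP is assumed here and must be adjusted per deployment.
ASSUMED_PATH = "/carbon/search/advancedSearchForm-ajaxprocessor.jsp"


def make_marker(param):
    """Per-parameter marker: a unique token wrapped in the characters
    (double quote, '>', '<') that break out of an attribute or text node
    and that any HTML encoder must neutralise."""
    return f'"><zq{param}zq>'


def build_probe_params(params=AFFECTED_PARAMS):
    """Query parameters carrying one marker per affected parameter."""
    return {p: make_marker(p) for p in params}


def classify_reflection(body, param):
    """'raw' if the full marker is echoed verbatim (the dangerous characters
    survived), 'encoded' if only the inner token survives (quotes and angle
    brackets were turned into entities such as &#34;&gt;&lt;), or None if
    the parameter is not reflected at all."""
    token = f"zq{param}zq"
    if token not in body:
        return None
    return "raw" if make_marker(param) in body else "encoded"


def vulnerable_params(body, params=AFFECTED_PARAMS):
    """Parameters whose marker came back unencoded."""
    return [p for p in params if classify_reflection(body, p) == "raw"]


def probe(base_url, cookie=None, path=ASSUMED_PATH, verify_tls=True, timeout=10):
    """Send one GET carrying all markers and classify each reflection.
    `cookie` carries an authenticated console session if the page requires
    one; verify_tls=False tolerates the self-signed certificate a test
    instance may present (do not use that against production)."""
    url = base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(build_probe_params())
    req = urllib.request.Request(url, headers={"Cookie": cookie} if cookie else {})
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return {p: classify_reflection(body, p) for p in AFFECTED_PARAMS}


# Constructed response fragments (not captured from a real server) showing
# the three outcomes the classifier distinguishes: mediaType echoed raw,
# rightOp echoed encoded, the other parameters not echoed at all.
UNPATCHED_BODY = (
    '<input type="hidden" name="mediaType" value=""><zqmediaTypezq>"/>'
    '<input type="hidden" name="rightOp" value="&#34;&gt;&lt;zqrightOpzq&gt;"/>'
)
PATCHED_BODY = (
    '<input type="hidden" name="mediaType" value="&#34;&gt;&lt;zqmediaTypezq&gt;"/>'
    '<input type="hidden" name="rightOp" value="&#34;&gt;&lt;zqrightOpzq&gt;"/>'
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Live check against a test instance, e.g. https://localhost:9443
        for param, verdict in probe(sys.argv[1], verify_tls=False).items():
            print(f"{param}: {verdict}")
    else:
        print("unpatched:", vulnerable_params(UNPATCHED_BODY))  # ['mediaType']
        print("patched:  ", vulnerable_params(PATCHED_BODY))    # []
```

Run it with the base URL of an instance you are authorised to test; any parameter reported as `raw` is still exploitable, `encoded` for all five is what a fixed 4.8.12 deployment should show. The classifier keys on the inner token rather than on one specific entity form, so it accepts whichever encoder variant the server applies (`&quot;` or `&#34;`, `&lt;`/`&gt;`), and only calls a parameter vulnerable when the breakout characters themselves survive unchanged.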

Exploit · Fix · Improper Neutralization · XSS

Weakness Enumeration

Related Identifiers

CVE-2022-4520
GHSA-J34R-57XJ-PFM5

Affected Products

WSO2 carbon-registry