PT-2022-27435 · Wso2 · Wso2 Carbon-Registry

Bhagyasakalanka · Published 2022-12-15 · Updated 2024-05-17 · CVE-2022-4521

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WSO2 carbon-registry versions up to 4.8.6

Description

A vulnerability has been found in WSO2 carbon-registry, affecting an unknown part of the component Request Parameter Handler. The manipulation of the argument parentPath/path/username/path/profile menu leads to cross-site scripting. It is possible to initiate the attack remotely.

Recommendations

For WSO2 carbon-registry versions up to 4.8.6, upgrade to version 4.8.7 to address this issue. As a temporary workaround, consider restricting access to the vulnerable Request Parameter Handler component until a patch is applied. Avoid using the argument parentPath/path/username/path/profile menu in the affected component until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-4521
GHSA-GP5F-GQGQ-7254

Affected Products

Wso2 Carbon-Registry