Abstract Advisory Information
A reflected XSS vulnerability exists in the Carbon component of the product.
Authors: Julien Oury–Nogues
Affected version
Name: WSO2 API Manager
Versions: 2.6.0
Common Vulnerability Scoring System
3.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Patches
http://product-dist.wso2.com/downloads/carbon/wilkes/patch3537/WSO2-CARBON-PATCH-4.4.0-3537.zip
Reference
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0504
Vulnerability Disclosure Timeline
- 19/10/2018: Vulnerability discovered
- 22/10/2018: WSO2 security team contacted
- 29/01/2019: Public disclosure