Abstract Advisory Information
The WSO2 Dashboard Server application is prone to an XSS Stored on the description part on the API.
Authors: Julien Oury–Nogues
Version affected
Name: WSO2 Dashboard Server
Versions: 2.0.0
Common Vulnerability Scoring System
3.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Patches
Unknown
References
None
Vulnerability Disclosure Timeline
- 24/10/2018 – Vulnerability discovered
- 29/10/2018 – Contact WSO2 security team
- 30/10/2018 – Acknowledgement From WSO2 security team
- 21/02/2019 – Public disclosure