CVE-2020-17453 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2020-17453

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

Published: Apr 6, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-17453
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
wso2 / identity_server_as_key_manager	5.7.0	5.7.0.x
wso2 / enterprise_integrator	-	6.6.0.x
wso2 / api_microgateway	2.2.0	2.2.0.x
wso2 / identity_server	-	5.10.0.x
wso2 / api_manager_analytics	2.2.0	2.2.0.x
wso2 / api_manager_analytics	2.5.0	2.5.0.x
wso2 / identity_server_analytics	5.5.0	5.5.0.x
wso2 / identity_server_as_key_manager	5.5.0	5.5.0.x
wso2 / micro_integrator	1.0.0	1.0.0.x
wso2 / identity_server_analytics	5.4.1	5.4.1.x
wso2 / identity_server_analytics	5.6.0	5.6.0.x
wso2 / identity_server_analytics	5.4.0	5.4.0.x
wso2 / identity_server_as_key_manager	5.6.0	5.6.0.x
wso2 / identity_server_as_key_manager	5.9.0	5.9.0.x
wso2 / identity_server_as_key_manager	5.10.0	5.10.0.x
wso2 / api_manager_analytics	2.6.0	2.6.0.x
wso2 / api_manager	-	3.2.0.x