CVE-2020-17453
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
| Software | From | Fixed in |
|---|---|---|
| wso2 / identity_server_as_key_manager | 5.7.0 | 5.7.0.x |
| wso2 / enterprise_integrator | - | 6.6.0.x |
| wso2 / api_microgateway | 2.2.0 | 2.2.0.x |
| wso2 / identity_server | - | 5.10.0.x |
| wso2 / api_manager_analytics | 2.2.0 | 2.2.0.x |
| wso2 / api_manager_analytics | 2.5.0 | 2.5.0.x |
| wso2 / identity_server_analytics | 5.5.0 | 5.5.0.x |
| wso2 / identity_server_as_key_manager | 5.5.0 | 5.5.0.x |
| wso2 / micro_integrator | 1.0.0 | 1.0.0.x |
| wso2 / identity_server_analytics | 5.4.1 | 5.4.1.x |
| wso2 / identity_server_analytics | 5.6.0 | 5.6.0.x |
| wso2 / identity_server_analytics | 5.4.0 | 5.4.0.x |
| wso2 / identity_server_as_key_manager | 5.6.0 | 5.6.0.x |
| wso2 / identity_server_as_key_manager | 5.9.0 | 5.9.0.x |
| wso2 / identity_server_as_key_manager | 5.10.0 | 5.10.0.x |
| wso2 / api_manager_analytics | 2.6.0 | 2.6.0.x |
| wso2 / api_manager | - | 3.2.0.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime