CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.

Published: Dec 15, 2023
Updated: Dec 20, 2023
CVE: CVE-2023-6838
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
wso2 / api_manager	3.1.0	3.1.0.x
wso2 / api_manager	3.2.0	3.2.0.x
wso2 / identity_server_as_key_manager	5.10.0	5.10.0.x
wso2 / identity_server	5.10.0	5.10.0.x

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1233/

Vulnerability Database

289,689

CVE-2023-6838