Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-6911

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

CVSS v3:

  • Severity: Low
  • Score: 4.8
  • AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
wso2 / api_manager 2.6.0 2.6.0.x
wso2 / api_manager 3.0.0 3.0.0.x
wso2 / api_manager 2.2.0 2.2.0.x
wso2 / api_manager 3.1.0 3.1.0.x
wso2 / api_manager 3.2.0 3.2.0.x
wso2 / api_manager 2.5.0 2.5.0.x
wso2 / api_manager_analytics 2.2.0 2.2.0.x
wso2 / api_manager_analytics 2.5.0 2.5.0.x
wso2 / api_microgateway 2.2.0 2.2.0.x
wso2 / data_analytics_server 3.2.0 3.2.0.x
wso2 / enterprise_integrator 6.1.1 6.1.1.x
wso2 / enterprise_integrator 6.5.0 6.5.0.x
wso2 / enterprise_integrator 6.2.0 6.2.0.x
wso2 / enterprise_integrator 6.3.0 6.3.0.x
wso2 / enterprise_integrator 6.4.0 6.4.0.x
wso2 / enterprise_integrator 6.6.0 6.6.0.x
wso2 / enterprise_integrator 6.1.0 6.1.0.x
wso2 / identity_server_as_key_manager 5.7.0 5.7.0.x
wso2 / identity_server_as_key_manager 5.5.0 5.5.0.x
wso2 / identity_server_as_key_manager 5.6.0 5.6.0.x
wso2 / identity_server_as_key_manager 5.9.0 5.9.0.x
wso2 / identity_server_as_key_manager 5.10.0 5.10.0.x
wso2 / identity_server 5.7.0 5.7.0.x
wso2 / identity_server 5.8.0 5.8.0.x
wso2 / identity_server 5.5.0 5.5.0.x
wso2 / identity_server 5.9.0 5.9.0.x
wso2 / identity_server 5.10.0 5.10.0.x
wso2 / identity_server 5.6.0 5.6.0.x
wso2 / identity_server 5.4.0 5.4.0.x
wso2 / identity_server 5.4.1 5.4.1.x
wso2 / identity_server_analytics 5.5.0 5.5.0.x
wso2 / identity_server_analytics 5.4.1 5.4.1.x
wso2 / identity_server_analytics 5.6.0 5.6.0.x
wso2 / identity_server_analytics 5.4.0 5.4.0.x
wso2 / message_broker 3.2.0 3.2.0.x
org.wso2.carbon.registry / carbon-registry - 4.7.37