First published: Tue Nov 12 2019(Updated: )
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 Identity Server | =5.7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-18882 is a vulnerability in WSO2 IS as Key Manager 5.7.0 that allows stored XSS in download-userinfo.jag due to mishandling of Content-Type.
CVE-2019-18882 has a severity value of 6.1, which is considered medium.
CVE-2019-18882 affects WSO2 Identity Server version 5.7.0.
CVE-2019-18882 is associated with CWE-79, which is a weakness related to Improper Neutralization of Input During Web Page Generation.
To fix CVE-2019-18882, it is recommended to update WSO2 Identity Server to a version that resolves the vulnerability.