First published: Tue May 14 2019
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WSO2 Dashboard Server | =2.0.0 | |
The severity of CVE-2019-6514 is medium with a CVSS score of 4.8.
CVE-2019-6514 allows an attacker to inject a JavaScript payload that can be stored in the database and executed on the same page, leading to cross-site scripting (XSS) attacks.
WSO2 has released a security patch to address CVE-2019-6514. It is recommended to update to the latest version of WSO2 Dashboard Server.
You can find more information about CVE-2019-6514 on the WSO2 website and the Excellium Services CERT-XLM advisory.
The CWE ID for CVE-2019-6514 is 79, which stands for Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').