CVE-2022-39809: XSS
First published: Fri Sep 09 2022(Updated: )
An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WSO2 Enterprise Integrator | =6.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-39809?
The severity of CVE-2022-39809 is medium with a CVSS score of 6.1.
What is the affected software for CVE-2022-39809?
The affected software for CVE-2022-39809 is WSO2 Enterprise Integrator version 6.4.0.
What is the vulnerability description for CVE-2022-39809?
CVE-2022-39809 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Management Console of WSO2 Enterprise Integrator 6.4.0.
How can the Reflected Cross-Site Scripting (XSS) vulnerability be exploited?
The Reflected Cross-Site Scripting (XSS) vulnerability in CVE-2022-39809 can be exploited by injecting malicious code through the 'name' parameter in the Management Console.
Are there any known mitigations for CVE-2022-39809?
At this time, there are no known mitigations for CVE-2022-39809. It is recommended to update to a patched version of WSO2 Enterprise Integrator.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/wso2
- canonical/wso2 enterprise integrator
- version/wso2 enterprise integrator/6.4.0