CVE-2023-6838: XSS
First published: Fri Dec 15 2023(Updated: )
Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
Credit: ed10eef1-636d-4fbe-9993-6890dfa878f8
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WSO2 API Manager | =3.1.0 | |
| WSO2 API Manager | =3.2.0 | |
| WSO2 Identity Server as Key Manager | =5.10.0 | |
| WSO2 Identity Server | =5.10.0 |
Remedy
For WSO2 Subscription holders, the recommended solution is to apply the provided patch/update to the affected versions of the products. If there are any instructions given with the patch/update, please make sure those are followed properly. Community users may apply the relevant fixes to the product based on the public fix(s) advertised in https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1233/
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-api
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- vendor/wso2
- canonical/wso2 api manager
- version/wso2 api manager/3.1.0
- version/wso2 api manager/3.2.0
- canonical/wso2 identity server as key manager
- version/wso2 identity server as key manager/5.10.0
- canonical/wso2 identity server
- version/wso2 identity server/5.10.0