Published: 25/04/2018 Updated: 28/02/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

WSO2 Identity Server prior to 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wso2 identity server

SEC Consult Vulnerability Lab Security Advisory < 20180423-0 > ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 530 fixed version: WSO2 Identity Server 550 ...

WSO2 Identity Sever version 530 suffers from multiple persistent cross site scripting vulnerabilities ...

CWE-79 https://www.sec-consult.com/en/blog/advisories/multiple-stored-xss-vulnerabilities-in-wso2-carbon-and-dashboard-server/index.html http://seclists.org/fulldisclosure/2018/Apr/45 http://packetstormsecurity.com/files/147330/WSO2-Identity-Server-5.3.0-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/44531/http://www.securityfocus.com/archive/1/541954/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/44531/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-8716

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect