Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-31664

Published: 23/05/2023 Updated: 30/05/2023
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Api Manager

Vulnerability Summary

A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager prior to 4.2.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

wso2 api manager

Github Repositories

https://github.com/adilkhan7/CVE-2023-31664

CVE-2023-31664 WSO2

CVE-2023-31664 CVE-2023-31664 A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/logindo of WSO2 Api Manager below v420 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter PoC: to exploit it only needs change the value of tenantDomain parameter from supercarbon to </scr

References

CWE-79https://github.com/wso2/api-manager/issues?q=is%3Aissue+is%3Aclosed+label%3AComponent%2FAPIM+closed%3A2022-04-05..2023-03-11https://github.com/wso2/product-apim/releases/tag/v4.2.0https://github.com/adilkhan7/CVE-2023-31664https://nvd.nist.govhttps://github.com/adilkhan7/CVE-2023-31664
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook