Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
wso2 api manager 2.6.0 |
||
wso2 api manager 3.0.0 |
||
wso2 api manager 2.2.0 |
||
wso2 api manager 3.1.0 |
||
wso2 api manager 3.2.0 |
||
wso2 api manager 2.5.0 |
||
wso2 api manager analytics 2.2.0 |
||
wso2 api manager analytics 2.5.0 |
||
wso2 api microgateway 2.2.0 |
||
wso2 data analytics server 3.2.0 |
||
wso2 enterprise integrator 6.1.1 |
||
wso2 enterprise integrator 6.5.0 |
||
wso2 enterprise integrator 6.2.0 |
||
wso2 enterprise integrator 6.3.0 |
||
wso2 enterprise integrator 6.4.0 |
||
wso2 enterprise integrator 6.6.0 |
||
wso2 enterprise integrator 6.1.0 |
||
wso2 identity server as key manager 5.7.0 |
||
wso2 identity server as key manager 5.5.0 |
||
wso2 identity server as key manager 5.6.0 |
||
wso2 identity server as key manager 5.9.0 |
||
wso2 identity server as key manager 5.10.0 |
||
wso2 identity server 5.7.0 |
||
wso2 identity server 5.8.0 |
||
wso2 identity server 5.5.0 |
||
wso2 identity server 5.9.0 |
||
wso2 identity server 5.10.0 |
||
wso2 identity server 5.6.0 |
||
wso2 identity server 5.4.0 |
||
wso2 identity server 5.4.1 |
||
wso2 identity server analytics 5.5.0 |
||
wso2 identity server analytics 5.4.1 |
||
wso2 identity server analytics 5.6.0 |
||
wso2 identity server analytics 5.4.0 |
||
wso2 message broker 3.2.0 |
Vulmon