Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2021-100293
HistoryDec 08, 2021 - 12:00 a.m.

WSO2 Identity Server Cross-Site Scripting Vulnerability (CNVD-2021-100293)

2021-12-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
wso2 identity server
cross-site scripting
vulnerability

EPSS

0.001

Percentile

36.7%

JSON

WSO2 Identity Server (IS) is an identity server from WSO2, Inc. A security vulnerability exists in WSO2 Identity Server, which stems from the fact that in WSO2 Identity Server 5.7.0, a dom-based XSS attack can be executed that affects the callback parameter modifying the callback parameter before the After the username or password reset process is complete, JavaScript code is executed. (recoverpassword. For similar reasons, Do also has an open redirect issue.) . No detailed vulnerability details are currently available.

Related

prion 1
osv 1
cve 1
cvelist 1
veracode 1
nvd 1
prion
prion
Open redirect
2021-12-07 21:15:00
osv
osv
CVE-2021-36760
2021-12-07 21:15:00
cve
cve
CVE-2021-36760
2021-12-07 21:15:08
cvelist
cvelist
CVE-2021-36760
2021-12-07 20:48:56
veracode
veracode
Cross-site Scripting (XSS)
2022-05-10 06:13:56
nvd
nvd
CVE-2021-36760
2021-12-07 21:15:08

EPSS

0.001

Percentile

36.7%

JSON
Related for CNVD-2021-100293
prion1osv1cve1cvelist1veracode1nvd1