Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2021-36760
HistoryDec 07, 2021 - 8:48 p.m.

CVE-2021-36760

2021-12-0720:48:56
mitre
www.cve.org
1
wso2 identity server
dom-based xss
account recovery

EPSS

0.001

Percentile

36.7%

JSON

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.)

Related

prion 1
osv 1
cve 1
veracode 1
cnvd 1
nvd 1
prion
prion
Open redirect
2021-12-07 21:15:00
osv
osv
CVE-2021-36760
2021-12-07 21:15:00
cve
cve
CVE-2021-36760
2021-12-07 21:15:08
veracode
veracode
Cross-site Scripting (XSS)
2022-05-10 06:13:56
cnvd
cnvd
WSO2 Identity Server Cross-Site Scripting Vulnerability (CNVD-2021-100293)
2021-12-08 00:00:00
nvd
nvd
CVE-2021-36760
2021-12-07 21:15:08

EPSS

0.001

Percentile

36.7%

JSON
Related for CVELIST:CVE-2021-36760
prion1osv1cve1veracode1cnvd1nvd1