Design/Logic Flaw
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed if a user picks up that dialect's URI as t...
PT-2020-10448 · Wso2 · Wso2 Identity Server +2
Name of the Vulnerable Software and Affected Versions:
WSO2 API Manager version 2.6.0
WSO2 IS as Key Manager version 5.7.0
WSO2 Identity Server version 5.8.0

Description: An issue was discovered where a custom claim dialect with an XSS payload, when configured in the identity provider basic claim...