3 matches found
CVE-2021-36760
creationtimestamp| type| source ---|---|--- 2021-12-08 00:23:05+00:00| seen| https://t.me/cibsecurity/33529...
CVE-2021-36760
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code wi...
CVE-2021-36760
WSO2 Identity Server 5.7.0 contains a DOM-Based XSS in accountrecoveryendpoint/recoverpassword.do that manipulates the callback parameter in the URL before the callback is invoked. This can lead to execution of injected JavaScript after the username/password reset flow completes. The same endpoin...