2 matches found
Session Hijacking
org.wso2.carbon:org.wso2.carbon.ui is vulnerable to session hijacking. When a victim is tricked into submitting a specially crafted Try It request to an attacker-controlled server, a valid Carbon Management Console session cookie is exposed, which helps the attacker hijack the browser session...
Cross-site Scripting (XSS)
org.wso2.carbon.identity.application.authentication.framework is vulnerable to cross-site scripting. An attacker can inject and execute malicious JavaScript through the authenticationEndpointURL parameter in the readAuthenticationEndpointURL function of FileBasedConfigurationBuilder.java...