WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
6.1CVSS
5.9AI Score
0.008EPSS
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4....
6.1CVSS
5.8AI Score
0.046EPSS
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
7.5CVSS
7.6AI Score
0.001EPSS