org.wso2.carbon.ui is vulnerable to cross-site scripting. The vulnerability exists due to improper output encoding of the errorCode parameter in the getSafeText function of login.jsp, allowing an attacker to inject and execute malicious JavaScript.
packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html
docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603
github.com/advisories/GHSA-89jf-3rw8-q5w2
github.com/wso2/carbon-kernel//commit/a6c7350f57fa0c0af819ce596b646f2629a77b32
github.com/wso2/carbon-kernel/pull/3145