Veracode Vulnerability Database: VERACODE:35460
History: May 10, 2022 - 6:13 a.m.

Cross-site Scripting (XSS)

2022-05-10 06:13:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: xss, vulnerability, regular expression, validation, localVarPath, recover function, PasswordRecoveryApiV1.java, attacker, inject, execute, malicious JavaScript, callback URLs, redirecting, malicious websites, software

EPSS: 0.001

Percentile: 36.7%

org.wso2.carbon.identity.mgt.endpoint.util is vulnerable to cross-site scripting. The vulnerability exists because the localVarPath parameter in the recover function of PasswordRecoveryApiV1.java is not validated against a regular expression, allowing an attacker to inject and execute malicious JavaScript through the callback URLs by redirecting to malicious websites.
