org.wso2.carbon:org.wso2.carbon.ui is vulnerable to session hijacking. When a victim is tricked into submitting a specially crafted Try It request to an attacker-controlled server, a valid Carbon Management Console session cookie is exposed, which helps the attacker hijack the browser session.

CPE Name | Operator | Version |
---|---|---|
wso2 carbon - ui | le | 4.5.3 |