0.001 Low
EPSS
Percentile
38.0%
org.wso2.carbon.registry is vulnerable to cross-site scripting. The vulnerability exists due to lack of encoding request parameters in the library which allows an attacker to inject and execute malicious JavaScript.
github.com/advisories/GHSA-gp5f-gqgq-7254
github.com/wso2/carbon-registry/commit/9f967abfde9317bee2cda469dbc09b57d539f2cc
github.com/wso2/carbon-registry/pull/399
github.com/wso2/carbon-registry/releases/tag/v4.8.12
github.com/wso2/carbon-registry/releases/tag/v4.8.7
vuldb.com/?id.215901