org.wso2.am:am-parent is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input before it is output to the front end, allowing an attacker to inject and execute malicious web scripts or HTML via a crafted payload through the `tenantDomain` parameter of `login.jsp`.

CPE

Name | Operator | Version
---|---|---
wso2 api manager - aggregator module | le | 4.1.0

github.com/adilkhan7/CVE-2023-31664
github.com/wso2/api-manager/issues?q=is%3Aissue+is%3Aclosed+label%3AComponent%2FAPIM+closed%3A2022-04-05..2023-03-11
github.com/wso2/product-apim/commit/a4742118059e9eeb426457dcf5cf7aaa362c6261
github.com/wso2/product-apim/pull/12997
github.com/wso2/product-apim/releases/tag/v4.2.0