Lucene search
Veracode Vulnerability DatabaseVERACODE:40758HistoryJun 01, 2023 - 12:37 p.m.
Cross-Site Scripting (XSS)
2023-06-0112:37:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
org.wso2.am
cross-site scripting
xss attacks
library
user input
malicious script
`tenantdomain`
`login.jsp`
0.001 Low
EPSS
Percentile
44.0%
org.wso2.am:am-parent is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input before it output to the front end, allowing an attacker to inject and execute malicious web scripts or HTML via a crafted payload through the tenantDomain parameter of login.jsp.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wso2 api manager - aggregator module | le | 4.1.0 | |
| wso2 api manager - aggregator module | le | 4.1.0 |
References
github.com/adilkhan7/CVE-2023-31664
github.com/wso2/api-manager/issues?q=is%3Aissue+is%3Aclosed+label%3AComponent%2FAPIM+closed%3A2022-04-05..2023-03-11
github.com/wso2/product-apim/commit/a4742118059e9eeb426457dcf5cf7aaa362c6261
github.com/wso2/product-apim/pull/12997
github.com/wso2/product-apim/releases/tag/v4.2.0
Related
cve
cve
CVE-2023-31664
2023-05-23 01:15:09
osv
osv
CVE-2023-31664
2023-05-23 01:15:09
cvelist
cvelist
CVE-2023-31664
2023-05-23 00:00:00
prion
prion
Cross site scripting
2023-05-23 01:15:00
nvd
nvd
CVE-2023-31664
2023-05-23 01:15:09