CVE-2023-6911 (GCVE-0-2023-6911)
Vulnerability from cvelistv5 – Published: 2023-12-18 08:32 – Updated: 2024-08-02 08:42
VLAI?
Summary
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WSO2 | WSO2 API Manager |
Unknown:
0 , < 2.2.0.0
(custom)
Affected: 2.2.0.0 , < 2.2.0.1 (custom) Affected: 2.5.0.0 , < 2.5.0.1 (custom) Affected: 2.6.0.0 , < 2.6.0.1 (custom) Affected: 3.0.0.0 , < 3.0.0.1 (custom) Affected: 3.1.0.0 , < 3.1.0.1 (custom) Affected: 3.2.0.0 , < 3.2.0.1 (custom) |
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WSO2 API Manager",
"repo": "https://github.com/wso2/product-apim",
"vendor": "WSO2",
"versions": [
{
"lessThan": "2.2.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.2.0.1",
"status": "affected",
"version": "2.2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.5.0.1",
"status": "affected",
"version": "2.5.0.0",
"versionType": "custom"
},
{
"lessThan": "2.6.0.1",
"status": "affected",
"version": "2.6.0.0",
"versionType": "custom"
},
{
"lessThan": "3.0.0.1",
"status": "affected",
"version": "3.0.0.0",
"versionType": "custom"
},
{
"lessThan": "3.1.0.1",
"status": "affected",
"version": "3.1.0.0",
"versionType": "custom"
},
{
"lessThan": "3.2.0.1",
"status": "affected",
"version": "3.2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 API Manager Analytics",
"repo": "https://github.com/wso2/analytics-apim",
"vendor": "WSO2",
"versions": [
{
"lessThan": "2.2.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.2.0.1",
"status": "affected",
"version": "2.2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.5.0.1",
"status": "affected",
"version": "2.5.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 API Microgateway",
"vendor": "WSO2",
"versions": [
{
"lessThan": "2.2.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.2.0.1",
"status": "affected",
"version": "2.2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Data Analytics Server",
"vendor": "WSO2",
"versions": [
{
"lessThan": "3.2.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.2.0.1",
"status": "affected",
"version": "3.2.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Enterprise Integrator",
"repo": "https://github.com/wso2/product-ei",
"vendor": "WSO2",
"versions": [
{
"lessThan": "6.1.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.1.0.9",
"status": "affected",
"version": "6.1.0.0",
"versionType": "custom"
},
{
"lessThan": "6.1.1.9",
"status": "affected",
"version": "6.1.1.0",
"versionType": "custom"
},
{
"lessThan": "6.2.0.7",
"status": "affected",
"version": "6.2.0.0",
"versionType": "custom"
},
{
"lessThan": "6.3.0.1",
"status": "affected",
"version": "6.3.0.0",
"versionType": "custom"
},
{
"lessThan": "6.4.0.1",
"status": "affected",
"version": "6.4.0.0",
"versionType": "custom"
},
{
"lessThan": "6.5.0.6",
"status": "affected",
"version": "6.5.0.0",
"versionType": "custom"
},
{
"lessThan": "6.6.0.11",
"status": "affected",
"version": "6.6.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 IS as Key Manager",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.5.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.5.0.1",
"status": "affected",
"version": "5.5.0.0",
"versionType": "custom"
},
{
"lessThan": "5.6.0.1",
"status": "affected",
"version": "5.6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.7.0.1",
"status": "affected",
"version": "5.7.0.0",
"versionType": "custom"
},
{
"lessThan": "5.9.0.1",
"status": "affected",
"version": "5.9.0.0",
"versionType": "custom"
},
{
"lessThan": "5.10.0.1",
"status": "affected",
"version": "5.10.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server",
"repo": "https://github.com/wso2/product-is",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.4.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.4.0.4",
"status": "affected",
"version": "5.4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.4.1.3",
"status": "affected",
"version": "5.4.1.0",
"versionType": "custom"
},
{
"lessThan": "5.5.0.1",
"status": "affected",
"version": "5.5.0.0",
"versionType": "custom"
},
{
"lessThan": "5.6.0.1",
"status": "affected",
"version": "5.6.0.0",
"versionType": "custom"
},
{
"lessThan": "5.7.0.1",
"status": "affected",
"version": "5.7.0.0",
"versionType": "custom"
},
{
"lessThan": "5.8.0.5",
"status": "affected",
"version": "5.8.0.0",
"versionType": "custom"
},
{
"lessThan": "5.9.0.1",
"status": "affected",
"version": "5.9.0.0",
"versionType": "custom"
},
{
"lessThan": "5.10.0.1",
"status": "affected",
"version": "5.10.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Identity Server Analytics",
"repo": "https://github.com/wso2/analytics-is",
"vendor": "WSO2",
"versions": [
{
"lessThan": "5.4.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "5.4.0.2",
"status": "affected",
"version": "5.4.0.0",
"versionType": "custom"
},
{
"lessThan": "5.4.1.2",
"status": "affected",
"version": "5.4.1.0",
"versionType": "custom"
},
{
"lessThan": "5.5.0.1",
"status": "affected",
"version": "5.5.0.0",
"versionType": "custom"
},
{
"lessThan": "5.6.0.1",
"status": "affected",
"version": "5.6.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WSO2 Message Broker",
"vendor": "WSO2",
"versions": [
{
"lessThan": "3.2.0.0",
"status": "unknown",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.2.0.3",
"status": "affected",
"version": "3.2.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.\u003cbr\u003e"
}
],
"value": "Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T08:32:58.961Z",
"orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"shortName": "WSO2"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For WSO2 Subscription holders, the recommended solution is to apply the provided patch/update to the affected versions of the products. If there are any instructions given with the patch/update, please make sure those are followed properly.\u003cbr\u003e\u003cbr\u003eCommunity users may apply the relevant fixes to the product based on the public fix(s) advertised in\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1...\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "For WSO2 Subscription holders, the recommended solution is to apply the provided patch/update to the affected versions of the products. If there are any instructions given with the patch/update, please make sure those are followed properly.\n\nCommunity users may apply the relevant fixes to the product based on the public fix(s) advertised in\u00a0 https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/ \n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"assignerShortName": "WSO2",
"cveId": "CVE-2023-6911",
"datePublished": "2023-12-18T08:32:58.961Z",
"dateReserved": "2023-12-18T08:23:45.214Z",
"dateUpdated": "2024-08-02T08:42:08.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6819491F-C6C3-41C1-B27A-0D0B62224977\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D57C8CF-084D-4142-9AF1-7C9F1261A3BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC168B6A-B15A-4C3B-A38D-C0B65F24F333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FF14774-8935-4FC9-B5C8-9771B3D6EBFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1344FB79-0796-445C-A8F3-C03E995925D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E31E32CD-497E-4EF5-B3FC-8718EE06EDAD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADEAF56C-4583-40A6-826F-01AC86191AD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04A2A50A-872E-4CC7-BBB7-3E0956176AAC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79CDDE83-4CB6-4DA3-8E96-FCDA4F5C1E93\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:data_analytics_server:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CCDDFAB-C8FC-41C4-9872-667C442F119B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:enterprise_integrator:6.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D64106E7-1956-4AAA-915F-7E6DB7461BD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:enterprise_integrator:6.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA3B48BB-ECB5-4A94-B76D-97BC3D303E9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66292C25-B0B9-4FCE-9382-57B8F6BB814A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"709DC7EA-18A6-4B83-84CB-F2499BEB5D2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:enterprise_integrator:6.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18E8577A-B322-4A70-B8AB-9DE45EFDF229\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:enterprise_integrator:6.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FCA89E3-F37E-494E-AD46-B9A04E608908\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4A07C73-3E6B-4CF9-BEB9-39C6081C0332\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4F0F121-700C-4D30-BAFC-960DCC56F08B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E5761F7-C287-4EC4-A899-C54FB4E80A35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B184BFC-8E1A-4971-B6D2-C594742AB8CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA51AC1B-0BF6-44F6-B034-CAD4F623DD76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BB34405-A2F1-461A-B51B-E103BB3680A1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B9E7D773-A7CE-4AB8-828B-C2E7DC2799AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEA63B98-D4B4-4FCD-A869-FE64BC21A1B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DA0050E-D5DD-45E5-9F61-DC1BB060EFF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26542F95-73F3-4906-838E-A66F5DC9DFA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60781FE4-38A3-4FEA-9D8B-CADE4B535974\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B169832-A746-49A6-8E92-06624AA9B13A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"981D701D-E381-484A-9614-CD0EF0331071\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4F126CA-A2F9-44F4-968B-DF71765869E5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C32F5725-22BA-417A-B2A6-F120CA377E39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B388C2B1-89EF-4D16-AD6A-675BDC6E3854\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42BFE7A0-A168-4C1E-8725-41DD500C837E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5508EC5E-BEEA-49A7-BA2E-AEF40ECCB5C8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wso2:message_broker:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8E3ADAB-067C-4D18-BDCA-43DDC607E4BA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.\\n\"}, {\"lang\": \"es\", \"value\": \"Se han identificado varios productos WSO2 como vulnerables debido a una codificaci\\u00f3n de salida incorrecta; un atacante puede llevar a cabo un ataque de Cross-Site Scripting (XSS) Almacenado inyectando un payload malicioso en la funci\\u00f3n de registro de Management Console.\"}]",
"id": "CVE-2023-6911",
"lastModified": "2024-11-21T08:44:49.210",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}]}",
"published": "2023-12-18T09:15:05.810",
"references": "[{\"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/\", \"source\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-6911\",\"sourceIdentifier\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"published\":\"2023-12-18T09:15:05.810\",\"lastModified\":\"2024-11-21T08:44:49.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.\\n\"},{\"lang\":\"es\",\"value\":\"Se han identificado varios productos WSO2 como vulnerables debido a una codificaci\u00f3n de salida incorrecta; un atacante puede llevar a cabo un ataque de Cross-Site Scripting (XSS) Almacenado inyectando un payload malicioso en la funci\u00f3n de registro de Management Console.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6819491F-C6C3-41C1-B27A-0D0B62224977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D57C8CF-084D-4142-9AF1-7C9F1261A3BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC168B6A-B15A-4C3B-A38D-C0B65F24F333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FF14774-8935-4FC9-B5C8-9771B3D6EBFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1344FB79-0796-445C-A8F3-C03E995925D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31E32CD-497E-4EF5-B3FC-8718EE06EDAD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADEAF56C-4583-40A6-826F-01AC86191AD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A2A50A-872E-4CC7-BBB7-3E0956176AAC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79CDDE83-4CB6-4DA3-8E96-FCDA4F5C1E93\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:data_analytics_server:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CCDDFAB-C8FC-41C4-9872-667C442F119B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D64106E7-1956-4AAA-915F-7E6DB7461BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA3B48BB-ECB5-4A94-B76D-97BC3D303E9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66292C25-B0B9-4FCE-9382-57B8F6BB814A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"709DC7EA-18A6-4B83-84CB-F2499BEB5D2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18E8577A-B322-4A70-B8AB-9DE45EFDF229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FCA89E3-F37E-494E-AD46-B9A04E608908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4A07C73-3E6B-4CF9-BEB9-39C6081C0332\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F0F121-700C-4D30-BAFC-960DCC56F08B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E5761F7-C287-4EC4-A899-C54FB4E80A35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B184BFC-8E1A-4971-B6D2-C594742AB8CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA51AC1B-0BF6-44F6-B034-CAD4F623DD76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BB34405-A2F1-461A-B51B-E103BB3680A1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9E7D773-A7CE-4AB8-828B-C2E7DC2799AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA63B98-D4B4-4FCD-A869-FE64BC21A1B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DA0050E-D5DD-45E5-9F61-DC1BB060EFF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26542F95-73F3-4906-838E-A66F5DC9DFA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60781FE4-38A3-4FEA-9D8B-CADE4B535974\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B169832-A746-49A6-8E92-06624AA9B13A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"981D701D-E381-484A-9614-CD0EF0331071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4F126CA-A2F9-44F4-968B-DF71765869E5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C32F5725-22BA-417A-B2A6-F120CA377E39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B388C2B1-89EF-4D16-AD6A-675BDC6E3854\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42BFE7A0-A168-4C1E-8725-41DD500C837E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5508EC5E-BEEA-49A7-BA2E-AEF40ECCB5C8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wso2:message_broker:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8E3ADAB-067C-4D18-BDCA-43DDC607E4BA\"}]}]}],\"references\":[{\"url\":\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/\",\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…