Описание
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
Ссылки
- ExploitThird Party Advisory
- PatchVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
- ExploitThird Party Advisory
- PatchVendor Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:wso2:api_manager:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:app_manager:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:application_server:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:business_process_server:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:business_rules_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:complex_event_processor:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:dashboard_server:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:data_analytics_server:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:data_services_server:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:wso2:enterprise_integrator:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:wso2:enterprise_mobility_manager:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:governance_registry:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:iot_server:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:machine_learner:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:message_broker:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:storage_server:1.5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.07641
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
больше 3 лет назад
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
EPSS
Процентиль: 92%
0.07641
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79