1. Home
  2. Vulnerabilities
  3. CVE-2023-6911

CVE-2023-6911

CVSS v3.1 4.8 (Medium)
48% Progress
EPSS 0.04 % (15th)
0.04% Progress
Affected Products 9
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
WSO2 LLC
Published Date
2023-12-18 09:15:05
(9 months ago)
Updated Date
2023-12-22 17:31:09
(9 months ago)

Affected Products

Wso2

Configuration #1

    CPE23 From Up To
  Wso2 Api Manager 2.2.0 cpe:2.3:a:wso2:api_manager:2.2.0
  Wso2 Api Manager 2.5.0 cpe:2.3:a:wso2:api_manager:2.5.0
  Wso2 Api Manager 2.6.0 cpe:2.3:a:wso2:api_manager:2.6.0
  Wso2 Api Manager 3.0.0 cpe:2.3:a:wso2:api_manager:3.0.0
  Wso2 Api Manager 3.1.0 cpe:2.3:a:wso2:api_manager:3.1.0
  Wso2 Api Manager 3.2.0 cpe:2.3:a:wso2:api_manager:3.2.0

Configuration #2

    CPE23 From Up To
  Wso2 Api Manager Analytics 2.2.0 cpe:2.3:a:wso2:api_manager_analytics:2.2.0
  Wso2 Api Manager Analytics 2.5.0 cpe:2.3:a:wso2:api_manager_analytics:2.5.0

Configuration #3

    CPE23 From Up To
  Wso2 Api Microgateway 2.2.0 cpe:2.3:a:wso2:api_microgateway:2.2.0

Configuration #4

    CPE23 From Up To
  Wso2 Data Analytics Server 3.2.0 cpe:2.3:a:wso2:data_analytics_server:3.2.0

Configuration #5

    CPE23 From Up To
  Wso2 Enterprise Integrator 6.1.0 cpe:2.3:a:wso2:enterprise_integrator:6.1.0
  Wso2 Enterprise Integrator 6.1.1 cpe:2.3:a:wso2:enterprise_integrator:6.1.1
  Wso2 Enterprise Integrator 6.2.0 cpe:2.3:a:wso2:enterprise_integrator:6.2.0
  Wso2 Enterprise Integrator 6.3.0 cpe:2.3:a:wso2:enterprise_integrator:6.3.0
  Wso2 Enterprise Integrator 6.4.0 cpe:2.3:a:wso2:enterprise_integrator:6.4.0
  Wso2 Enterprise Integrator 6.5.0 cpe:2.3:a:wso2:enterprise_integrator:6.5.0
  Wso2 Enterprise Integrator 6.6.0 cpe:2.3:a:wso2:enterprise_integrator:6.6.0

Configuration #6

    CPE23 From Up To
  Wso2 Identity Server As Key Manager 5.5.0 cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0
  Wso2 Identity Server As Key Manager 5.6.0 cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0
  Wso2 Identity Server As Key Manager 5.7.0 cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0
  Wso2 Identity Server As Key Manager 5.9.0 cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0
  Wso2 Identity Server As Key Manager 5.10.0 cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0

Configuration #7

    CPE23 From Up To
  Wso2 Identity Server 5.4.0 cpe:2.3:a:wso2:identity_server:5.4.0
  Wso2 Identity Server 5.4.1 cpe:2.3:a:wso2:identity_server:5.4.1
  Wso2 Identity Server 5.5.0 cpe:2.3:a:wso2:identity_server:5.5.0
  Wso2 Identity Server 5.6.0 cpe:2.3:a:wso2:identity_server:5.6.0
  Wso2 Identity Server 5.7.0 cpe:2.3:a:wso2:identity_server:5.7.0
  Wso2 Identity Server 5.8.0 cpe:2.3:a:wso2:identity_server:5.8.0
  Wso2 Identity Server 5.9.0 cpe:2.3:a:wso2:identity_server:5.9.0
  Wso2 Identity Server 5.10.0 cpe:2.3:a:wso2:identity_server:5.10.0

Configuration #8

    CPE23 From Up To
  Wso2 Identity Server Analytics 5.4.0 cpe:2.3:a:wso2:identity_server_analytics:5.4.0
  Wso2 Identity Server Analytics 5.4.1 cpe:2.3:a:wso2:identity_server_analytics:5.4.1
  Wso2 Identity Server Analytics 5.5.0 cpe:2.3:a:wso2:identity_server_analytics:5.5.0
  Wso2 Identity Server Analytics 5.6.0 cpe:2.3:a:wso2:identity_server_analytics:5.6.0

Configuration #9

    CPE23 From Up To
  Wso2 Message Broker 3.2.0 cpe:2.3:a:wso2:message_broker:3.2.0