Cross-Site Scripting Vulnerability in WSO2 Data Analytics Server
CVE-2017-14651

4.8MEDIUM

Key Information:

Vendor

Wso2

Status
Storage Server
Message Broker
Machine Learner
Iot Server
Vendor
CVE Published:
21 September 2017

What is CVE-2017-14651?

The WSO2 Data Analytics Server version 3.1.0 is susceptible to Cross-Site Scripting (XSS) attacks through the 'collectionName' or 'parentPath' parameters in the add_collection_ajaxprocessor.jsp file. This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions and sensitive information. It is crucial for users of this version to apply patches and follow security best practices to mitigate the threat.

References

https://github.com/cybersecurityworks/Disclosed/issues/15
x_refsource_MISC
https://docs.wso2.com/display/Security/Security+Advisory+...
x_refsource_MISC
https://cybersecurityworks.com/zerodays/cve-2017-14651-ws...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.