Cross-Site Scripting Vulnerability in WSO2 Data Analytics Server
CVE-2017-14651

4.8MEDIUM

Key Information:

Vendor: Wso2
Status: Storage Server; Message Broker; Machine Learner; Iot Server
Vendor: CVE Published:; 21 September 2017

What is CVE-2017-14651?

The WSO2 Data Analytics Server version 3.1.0 is susceptible to Cross-Site Scripting (XSS) attacks through the 'collectionName' or 'parentPath' parameters in the add_collection_ajaxprocessor.jsp file. This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions and sensitive information. It is crucial for users of this version to apply patches and follow security best practices to mitigate the threat.

References

https://github.com/cybersecurityworks/Disclosed/issues/15

x_refsource_MISC

https://docs.wso2.com/display/Security/Security+Advisory+...

x_refsource_MISC

https://cybersecurityworks.com/zerodays/cve-2017-14651-ws...

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 21, 2017
Vulnerability Reserved
Sep 21, 2017

Wso2

What is CVE-2017-14651?

References

EPSS Score

CVSS V3.1

Timeline