Stored Cross-Site Scripting Vulnerability in WSO2 API Manager and Identity Server
CVE-2019-20443

3.5 LOW

Key Information:

Vendor: WSO2

CVE Published: 28 January 2020

What is CVE-2019-20443?

A potential stored Cross-Site Scripting (XSS) vulnerability has been discovered in the registry UI of WSO2 products, including the WSO2 API Manager, Enterprise Integrator, IS as Key Manager, and Identity Server. This vulnerability allows an attacker to inject malicious scripts through the mediaType field, which could lead to unauthorized access and manipulation of sensitive data. Users should take immediate action to mitigate the risk associated with this vulnerability to ensure the integrity and security of their applications.

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
