Stored Cross-Site Scripting Vulnerability in WSO2 Enterprise Integrator
CVE-2020-25516

5.4MEDIUM

Key Information:

Vendor: Wso2
Status: Enterprise Integrator
Vendor: CVE Published:; 29 October 2020

What is CVE-2020-25516?

WSO2 Enterprise Integrator versions 6.6.0 and earlier are vulnerable to a stored cross-site scripting (XSS) attack via the BPMN explorer tasks. This vulnerability allows an attacker to inject malicious scripts, which can be executed in the context of another user's session, potentially leading to theft of sensitive information or further exploitation of the affected system.

References

https://docs.wso2.com/display/Security/Security+Advisory+...

x_refsource_MISC

https://github.com/piuppi/Proof-of-Concepts/blob/main/WSO...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2020
Vulnerability Reserved
Sep 14, 2020

Wso2

What is CVE-2020-25516?

References

CVSS V3.1

Timeline