Cross-Site Scripting Vulnerability in WSO2 API Manager by WSO2
CVE-2020-27885

6.1MEDIUM

Key Information:

Vendor: Wso2
Status: Api Manager
Vendor: CVE Published:; 29 October 2020

What is CVE-2020-27885?

A Cross-Site Scripting (XSS) vulnerability exists in WSO2 API Manager 3.1.0 that allows attackers to exploit the vulnerability and hijack an authenticated user's session. By executing a malicious script, an attacker can steal session cookies, enabling them to change the user's password and invalidate their active session. This could result in significant unauthorized access and manipulation of user accounts, making it critical for users of the affected version to ensure proper security measures and updates.

References

https://docs.wso2.com/display/Security/2020+Advisories

x_refsource_MISC

https://www.rodrigofavarini.com.br/cybersecurity/multiple...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2020
Vulnerability Reserved
Oct 27, 2020

Wso2

What is CVE-2020-27885?

References

CVSS V3.1

Timeline