Reflected XSS Vulnerability in WSO2 Enterprise Integrator 6.4.0 Management Console

Reflected XSS Vulnerability in WSO2 Enterprise Integrator 6.4.0 Management Console

CVE-2022-39809 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible.

Learn more about our Web Application Penetration Testing UK.