Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yZnEzLXdwamgtcHB2Z84AA4Ac

WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability

WSO2 Registry has been identified as vulnerable due to improper output encoding. An attacker can carry out a Stored Cross Site Scripting (XSS) attack by injecting a malicious payload into the Registry feature of the Management Console.

Permalink: https://github.com/advisories/GHSA-rfq3-wpjh-ppvg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZnEzLXdwamgtcHB2Z84AA4Ac
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 12 months ago


CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-rfq3-wpjh-ppvg, CVE-2023-6911
References: Repository: https://github.com/wso2/carbon-registry
Blast Radius: 1.0

Affected Packages

maven:org.wso2.carbon.registry:carbon-registry
Dependent packages: 0
Dependent repositories: 0
Downloads:
Affected Version Ranges: < 4.7.37
Fixed in: 4.7.37
All affected versions: 4.6.11, 4.6.12, 4.6.13, 4.6.14, 4.6.15, 4.6.16, 4.6.17, 4.6.18, 4.6.19, 4.6.20, 4.6.21, 4.6.22, 4.6.23, 4.6.24, 4.6.25, 4.6.26, 4.6.27, 4.6.28, 4.6.29, 4.6.30, 4.6.31, 4.6.32, 4.6.33, 4.6.34, 4.6.35, 4.6.36, 4.6.37, 4.6.38, 4.6.39, 4.6.40, 4.6.41, 4.6.42, 4.7.13, 4.7.14, 4.7.15, 4.7.16, 4.7.17, 4.7.25, 4.7.26, 4.7.27, 4.7.28, 4.7.31, 4.7.32, 4.7.33, 4.7.34, 4.7.35, 4.7.36
All unaffected versions: 4.7.37, 4.7.38, 4.7.39, 4.7.40, 4.7.41, 4.7.42, 4.7.43, 4.7.44, 4.7.45, 4.7.46, 4.7.47, 4.7.48, 4.7.49, 4.7.50, 4.8.0, 4.8.1, 4.8.2, 4.8.7, 4.8.8, 4.8.9, 4.8.10, 4.8.11, 4.8.12, 4.8.13, 4.8.14, 4.8.15, 4.8.21, 4.8.23, 4.8.24, 4.8.30, 4.8.33, 4.8.35