Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WSO2 Identity Server 跨站脚本漏洞
Vulnerability Description
WSO2 Identity Server(IS)是美国WSO2公司的一款身份认证服务器。 WSO2 Identity Server存在安全漏洞,该漏洞源于在WSO2 Identity Server 5.7.0中,可以执行基于dom的XSS攻击,影响回调参数修改回调参数之前的URL。用户名或密码重置过程完成后,将执行JavaScript代码。(recoverpassword。出于类似的原因,Do也有一个开放重定向问题。)
CVSS Information
N/A
Vulnerability Type
N/A