漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor
Vulnerability Description
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account with administrative access to the Management Console. If successful, the actor could inject persistent JavaScript payloads, enabling the theft of user data or execution of unauthorized actions on behalf of other users. While this issue enables persistent client-side script execution, session-related cookies remain protected with the httpOnly flag, preventing session hijacking.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WSO2多款产品 安全漏洞
Vulnerability Description
WSO2 API Manager等都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 Enterprise Integrator是一套开源的混合集成平台。WSO2 Identity Server as Key Manager是一个身份服务器。 WSO2多款产品存在安全漏洞,该漏洞源于管理控制台中注册表部分的富文本编辑器输入验证不足,可能导致存储型跨站脚本攻击。以下产品受到影响:WSO2 API Manager、WSO2 Enterprise integr
CVSS Information
N/A
Vulnerability Type
N/A