Vulnerability Details CVE-2017-14651
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.093
EPSS Ranking 92.3%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
- https://github.com/cybersecurityworks/Disclosed/issues/15
- https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265
- https://github.com/cybersecurityworks/Disclosed/issues/15
Products affected by CVE-2017-14651
-
cpe:2.3:a:wso2:api_manager:2.1.0
-
cpe:2.3:a:wso2:app_manager:1.2.0
-
cpe:2.3:a:wso2:application_server:5.3.0
-
cpe:2.3:a:wso2:business_process_server:3.6.0
-
cpe:2.3:a:wso2:business_rules_server:2.2.0
-
cpe:2.3:a:wso2:complex_event_processor:4.2.0
-
cpe:2.3:a:wso2:dashboard_server:2.0.0
-
cpe:2.3:a:wso2:data_analytics_server:3.1.0
-
cpe:2.3:a:wso2:data_services_server:3.5.1
-
cpe:2.3:a:wso2:enterprise_integrator:6.1.1
-
cpe:2.3:a:wso2:enterprise_mobility_manager:2.2.0
-
cpe:2.3:a:wso2:governance_registry:5.4.0
-
cpe:2.3:a:wso2:identity_server:5.3.0
-
cpe:2.3:a:wso2:iot_server:3.0.0
-
cpe:2.3:a:wso2:machine_learner:1.2.0
-
cpe:2.3:a:wso2:message_broker:3.2.0
-
cpe:2.3:a:wso2:storage_server:1.5.0