Vulnerability Details CVE-2023-6911
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.4%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2023-6911
-
cpe:2.3:a:wso2:api_manager:2.2.0
-
cpe:2.3:a:wso2:api_manager:2.5.0
-
cpe:2.3:a:wso2:api_manager:2.6.0
-
cpe:2.3:a:wso2:api_manager:3.0.0
-
cpe:2.3:a:wso2:api_manager:3.1.0
-
cpe:2.3:a:wso2:api_manager:3.2.0
-
cpe:2.3:a:wso2:api_manager_analytics:2.2.0
-
cpe:2.3:a:wso2:api_manager_analytics:2.5.0
-
cpe:2.3:a:wso2:api_microgateway:2.2.0
-
cpe:2.3:a:wso2:data_analytics_server:3.2.0
-
cpe:2.3:a:wso2:enterprise_integrator:6.1.0
-
cpe:2.3:a:wso2:enterprise_integrator:6.1.1
-
cpe:2.3:a:wso2:enterprise_integrator:6.2.0
-
cpe:2.3:a:wso2:enterprise_integrator:6.3.0
-
cpe:2.3:a:wso2:enterprise_integrator:6.4.0
-
cpe:2.3:a:wso2:enterprise_integrator:6.5.0
-
cpe:2.3:a:wso2:enterprise_integrator:6.6.0
-
cpe:2.3:a:wso2:identity_server:5.10.0
-
cpe:2.3:a:wso2:identity_server:5.4.0
-
cpe:2.3:a:wso2:identity_server:5.4.1
-
cpe:2.3:a:wso2:identity_server:5.5.0
-
cpe:2.3:a:wso2:identity_server:5.6.0
-
cpe:2.3:a:wso2:identity_server:5.7.0
-
cpe:2.3:a:wso2:identity_server:5.8.0
-
cpe:2.3:a:wso2:identity_server:5.9.0
-
cpe:2.3:a:wso2:identity_server_analytics:5.4.0
-
cpe:2.3:a:wso2:identity_server_analytics:5.4.1
-
cpe:2.3:a:wso2:identity_server_analytics:5.5.0
-
cpe:2.3:a:wso2:identity_server_analytics:5.6.0
-
cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0
-
cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0
-
cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0
-
cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0
-
cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0
-
cpe:2.3:a:wso2:message_broker:3.2.0