- Description
- Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.
- Source
- ed10eef1-636d-4fbe-9993-6890dfa878f8
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1344FB79-0796-445C-A8F3-C03E995925D1"
},
{
"criteria": "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E31E32CD-497E-4EF5-B3FC-8718EE06EDAD"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BB34405-A2F1-461A-B51B-E103BB3680A1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4F126CA-A2F9-44F4-968B-DF71765869E5"
}
],
"operator": "OR"
}
]
}
]