WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
References
Link | Resource |
---|---|
https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html | Exploit Third Party Advisory |
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265 | Patch Vendor Advisory |
https://github.com/cybersecurityworks/Disclosed/issues/15 | Exploit Technical Description Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-09-21 18:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-14651
Mitre link : CVE-2017-14651
CVE.ORG link : CVE-2017-14651
JSON object : View
Products Affected
wso2
- enterprise_mobility_manager
- app_manager
- machine_learner
- application_server
- iot_server
- storage_server
- dashboard_server
- api_manager
- business_process_server
- data_services_server
- complex_event_processor
- governance_registry
- data_analytics_server
- message_broker
- identity_server
- enterprise_integrator
- business_rules_server
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')