URL: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0707
Submission: On November 16 via api from GB — Scanned from GB

SECURITY ADVISORY WSO2-2020-0707

 * Created by Suresh Rupasinghe, last modified on May 13, 2020

Published: 13th May 2020

Severity: Medium

CVSS Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

AFFECTED PRODUCTS

WSO2 IS as Key Manager: 5.9.0 or earlier
WSO2 Identity Server: 5.9.0 or earlier

OVERVIEW

A potential Reflected Cross-Site Scripting (XSS) vulnerability has been
identified in the Management Console.

DESCRIPTION

The Policy Administration user interface of the Management Console was found
to be vulnerable to a potential Reflected XSS attack.

IMPACT

By exploiting this XSS vulnerability, an attacker could cause the victim's
browser to be redirected to a malicious website, alter the UI of the web page,
retrieve information from the browser, or cause other harm. However, because
all session-related sensitive cookies are set with the httpOnly flag and are
therefore not readable from script, session hijacking or similar attacks would
not be possible.

SOLUTION

If you are using an affected product version, it is highly recommended to
migrate to the latest released version to receive security fixes.

You may also apply the relevant fixes based on the changes in the public
fix: https://github.com/wso2/carbon-identity-framework/pull/2738

Note: If you are a WSO2 customer with a Support Subscription, please use WSO2
Update Manager (WUM) updates to apply the fix.

CREDITS

WSO2 thanks Vijayakumar Muniraj (Cyber Security Research Labs) for responsibly
reporting the identified issue and working with us as we addressed it.
