docs.wso2.com
URL: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0707
Submission: On November 16 via api from GB — Scanned from GB
SECURITY ADVISORY WSO2-2020-0707

Created by Suresh Rupasinghe, last modified on May 13, 2020

Published: 13th May 2020
Severity: Medium
CVSS Score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

AFFECTED PRODUCTS

WSO2 IS as Key Manager: 5.9.0 or earlier
WSO2 Identity Server: 5.9.0 or earlier

OVERVIEW

A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console.

DESCRIPTION

The Policy Administration user interface is found to be vulnerable to a potential Reflected XSS attack.

IMPACT

By leveraging an XSS attack, an attacker can make the browser get redirected to a malicious website, make changes in the UI of the web page, retrieve information from the browser or cause other harm. However, since all the session-related sensitive cookies are set with the httpOnly flag and protected, session hijacking or similar attacks would not be possible.

SOLUTION

If you are using an affected product version, it is highly recommended to migrate to the latest released version to receive security fixes.

You may also apply the relevant fixes based on the changes from the public fix: https://github.com/wso2/carbon-identity-framework/pull/2738

Note: If you are a WSO2 customer with a Support Subscription, please use WSO2 Update Manager (WUM) updates in order to apply the fix.

CREDITS

WSO2 thanks Vijayakumar Muniraj (Cyber Security Research Labs) for responsibly reporting the identified issue and working with us as we addressed it.

Copyright © WSO2 LLC 2015-2022. Content licensed under CC BY 4.0. Samples licensed under Apache 2.0.