Moderate severity · NVD Advisory · Published Dec 18, 2023 · Updated Aug 2, 2024
CVE-2023-6911
Description
Multiple WSO2 products have been identified as vulnerable to a Stored Cross-Site Scripting (XSS) attack due to improper output encoding. An attacker can carry out the attack by injecting a malicious payload into the Registry feature of the Management Console.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.wso2.carbon.registry:carbon-registry (Maven) | < 4.7.37 | 4.7.37 |
Affected products
- (no CPE) range: 3.2.0.0
- (no CPE) range: 5.4.0.0
- Range: 3.2.0.0
References
- github.com/advisories/GHSA-rfq3-wpjh-ppvg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-6911 (ghsa, ADVISORY)
- security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/ (mitre, vendor-advisory)
- github.com/wso2/carbon-registry/commit/878fc7e53c90acc85e303d2af73440014a68b246 (ghsa, WEB)
- security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225 (ghsa, WEB)