cbcvebase.
CVE-2023-6838
published 2023-12-15

Priority: P4 (27)
Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.43% (34.6th percentile)

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | api_manager | | |
| wso2 | api_manager | | |
| wso2 | identity_server | | |
| wso2 | identity_server_as_key_manager | | |
| wso2 | wso2_api_manager | >= 3.1.0.0 < 3.1.0.14 | 3.1.0.14 |
| wso2 | wso2_api_manager | >= 3.2.0.0 < 3.2.0.10 | 3.2.0.10 |
| wso2 | wso2_identity_server | >= 5.10.0.0 < 5.10.0.5 | 5.10.0.5 |
| wso2 | wso2_is_as_key_manager | >= 5.10.0.0 < 5.10.0.5 | 5.10.0.5 |