CVE-2022-29548
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:N/S:U/UI:R
Affected products
n/a · n/a
Public PoCs found — 3
github: github.com/cxosmo/CVE-2022-29548 (★ 5)
cve_reference: packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-Scripting.html (unverified)
exploitdb: www.exploit-db.com/exploits/50970 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.