WSO2-2020-0731: XXE and XSS vulnerabilities in WSO2 Carbon

mbadanoiu/WSO2-2020-0731

Potential XXE and XSS vulnerabilities have been identified in multiple WSO2 products.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Why no CVE?

Neither I nor the vendor requested a CVE for these vulnerabilities.

Requirements:

This vulnerability requires:

  • Convincing a legitimate WSO2 user to add a malicious repository
    OR
  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.
