Strix
26.1K

CVE-2023-6911

MEDIUMCVSS 4.8/10EPSS 0.41%

Last modified

CVE-2023-6911 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. . EPSS estimates a 0.41% chance of exploitation in the next 30 days.

Description

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.

Metrics

CVSS 3.1
4.8/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.41%

32.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Wso2Api Manager2.2.0
Wso2Api Manager2.5.0
Wso2Api Manager2.6.0
Wso2Api Manager3.0.0
Wso2Api Manager3.1.0
Wso2Api Manager3.2.0
Wso2Api Manager Analytics2.2.0
Wso2Api Manager Analytics2.5.0
Wso2Api Microgateway2.2.0
Wso2Data Analytics Server3.2.0
Wso2Enterprise Integrator6.1.0
Wso2Enterprise Integrator6.1.1
Wso2Enterprise Integrator6.2.0
Wso2Enterprise Integrator6.3.0
Wso2Enterprise Integrator6.4.0
Wso2Enterprise Integrator6.5.0
Wso2Enterprise Integrator6.6.0
Wso2Identity Server As Key Manager5.5.0
Wso2Identity Server As Key Manager5.6.0
Wso2Identity Server As Key Manager5.7.0
Wso2Identity Server As Key Manager5.9.0
Wso2Identity Server As Key Manager5.10.0
Wso2Identity Server5.4.0
Wso2Identity Server5.4.1
Wso2Identity Server5.5.0
Wso2Identity Server5.6.0
Wso2Identity Server5.7.0
Wso2Identity Server5.8.0
Wso2Identity Server5.9.0
Wso2Identity Server5.10.0
Wso2Identity Server Analytics5.4.0
Wso2Identity Server Analytics5.4.1
Wso2Identity Server Analytics5.5.0
Wso2Identity Server Analytics5.6.0
Wso2Message Broker3.2.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-6911?
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
How severe is CVE-2023-6911?
CVE-2023-6911 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.41% probability of exploitation in the next 30 days.
How do I fix CVE-2023-6911?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-6911?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST