cvelistv5 - cve-2020-17453

CVE-2020-17453 (GCVE-0-2020-17453)

Vulnerability from cvelistv5

Published

2021-04-05 00:00

Modified

2024-08-04 13:53

Severity ?

CWE

Summary

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

var-202104-0059

Vulnerability from variot

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. plural WSO2 Product Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. WSO2 Management Console is an application software of American WSO2 Company

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0059",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "identity server analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.5.0"
      },
      {
        "model": "api manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "3.2.0"
      },
      {
        "model": "enterprise integrator",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "6.6.0"
      },
      {
        "model": "identity server analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.6.0"
      },
      {
        "model": "identity server as key manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.6.0"
      },
      {
        "model": "micro integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "1.0.0"
      },
      {
        "model": "api manager analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "2.5.0"
      },
      {
        "model": "api manager analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "2.2.0"
      },
      {
        "model": "identity server as key manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.7.0"
      },
      {
        "model": "identity server as key manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.9.0"
      },
      {
        "model": "identity server as key manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.10.0"
      },
      {
        "model": "api manager analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "2.6.0"
      },
      {
        "model": "identity server analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.4.1"
      },
      {
        "model": "api microgateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "2.2.0"
      },
      {
        "model": "identity server analytics",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.4.0"
      },
      {
        "model": "identity server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.10.0"
      },
      {
        "model": "identity server as key manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "wso2",
        "version": "5.5.0"
      },
      {
        "model": "identity server as key manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      },
      {
        "model": "micro integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      },
      {
        "model": "api microgateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      },
      {
        "model": "api manager analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      },
      {
        "model": "identity server",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      },
      {
        "model": "enterprise integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      },
      {
        "model": "identity server analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      },
      {
        "model": "api manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "wso2",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "cve": "CVE-2020-17453",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-17453",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-170633",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-17453",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2020-17453",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-17453",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-17453",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-168",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-170633",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-17453",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-17453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. plural WSO2 Product Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. WSO2 Management Console is an application software of American WSO2 Company",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-17453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-17453"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-17453",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-170633",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-17453",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-17453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "id": "VAR-202104-0059",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170633"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:01:03.188000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "WSO2-2020-1132",
        "trust": 0.8,
        "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132"
      },
      {
        "title": "WSO2 Management Console Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146967"
      },
      {
        "title": "https://github.com/karthi-the-hacker/CVE-2020-17453",
        "trust": 0.1,
        "url": "https://github.com/karthi-the-hacker/CVE-2020-17453 "
      },
      {
        "title": "CVE-2020-17453",
        "trust": 0.1,
        "url": "https://github.com/JHHAX/CVE-2020-17453-PoC "
      },
      {
        "title": "scalpel\ud83d\udde1\n\u514d\u8d23\u58f0\u660e\n\u68c0\u6d4b\u6a21\u5757\n\u529f\u80fd\u7279\u8272\n\u5feb\u901f\u4f7f\u7528\nPOC\u76f8\u5173\n\u95ee\u9898\u53cd\u9988\n\u76f8\u5173\u8d44\u6599",
        "trust": 0.1,
        "url": "https://github.com/StarCrossPortal/scalpel "
      },
      {
        "title": "Kenzer Templates [1289]",
        "trust": 0.1,
        "url": "https://github.com/Elsfa7-110/kenzer-templates "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/soosmile/POC "
      },
      {
        "title": "Kenzer Templates [5170] [DEPRECATED]",
        "trust": 0.1,
        "url": "https://github.com/ARPSyndicate/kenzer-templates "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-17453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://github.com/jhhax/cve-2020-17453-poc"
      },
      {
        "trust": 1.8,
        "url": "https://twitter.com/jacksonhhax/status/1374681422678519813"
      },
      {
        "trust": 1.1,
        "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/wso2-2020-1132/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17453"
      },
      {
        "trust": 0.7,
        "url": "https://docs.wso2.com/display/security/security+advisory+wso2-2020-1132"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/karthi-the-hacker/cve-2020-17453"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-17453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-17453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "date": "2021-04-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-17453"
      },
      {
        "date": "2021-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "date": "2021-04-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      },
      {
        "date": "2021-04-05T22:15:12.633000",
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-170633"
      },
      {
        "date": "2024-01-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-17453"
      },
      {
        "date": "2021-12-08T07:12:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      },
      {
        "date": "2021-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      },
      {
        "date": "2024-11-21T05:08:08.883000",
        "db": "NVD",
        "id": "CVE-2020-17453"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0WSO2\u00a0 Product \u00a0 Cross-site Scripting Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-016455"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-168"
      }
    ],
    "trust": 0.6
  }
}

gsd-2020-17453

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

Aliases

CVE-2020-17453

Aliases

CVE-2020-17453

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-17453",
    "description": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.",
    "id": "GSD-2020-17453"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-17453"
      ],
      "details": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.",
      "id": "GSD-2020-17453",
      "modified": "2023-12-13T01:21:49.891146Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-17453",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://twitter.com/JacksonHHax/status/1374681422678519813",
            "refsource": "MISC",
            "url": "https://twitter.com/JacksonHHax/status/1374681422678519813"
          },
          {
            "name": "https://github.com/JHHAX/CVE-2020-17453-PoC",
            "refsource": "MISC",
            "url": "https://github.com/JHHAX/CVE-2020-17453-PoC"
          },
          {
            "name": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/",
            "refsource": "MISC",
            "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[2.2.0]",
          "affected_versions": "Version 2.2.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-04-08",
          "description": "WSO2 Management Console allows XSS via the `carbon/admin/login.jsp` msgId parameter.",
          "fixed_versions": [],
          "identifier": "CVE-2020-17453",
          "identifiers": [
            "CVE-2020-17453"
          ],
          "not_impacted": "All versions before 2.2.0, all versions after 2.2.0",
          "package_slug": "maven/org.wso2.am.microgw/org.wso2.micro.gateway.core",
          "pubdate": "2021-04-05",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-17453",
            "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132"
          ],
          "uuid": "00c754f2-e62b-4a54-9b75-38db5ecbd03c"
        },
        {
          "affected_range": "[2.2.0],[2.5.0,2.6.0]",
          "affected_versions": "Version 2.2.0, all versions starting from 2.5.0 up to 2.6.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-04-08",
          "description": "WSO2 Management Console allows XSS via the carbon/admin/login.jsp msgId parameter.",
          "fixed_versions": [],
          "identifier": "CVE-2020-17453",
          "identifiers": [
            "CVE-2020-17453"
          ],
          "not_impacted": "All versions before 2.2.0, all versions after 2.2.0 before 2.5.0, all versions after 2.6.0",
          "package_slug": "maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core",
          "pubdate": "2021-04-05",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-17453",
            "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132"
          ],
          "uuid": "e7f35acf-98ef-493d-91a5-567fb87733bf"
        },
        {
          "affected_range": "[0.0.0,5.10.0]",
          "affected_versions": "All versions up to 5.10.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2021-04-08",
          "description": "WSO2 Management Console allows XSS via the `carbon/admin/login.jsp` msgId parameter.",
          "fixed_versions": [],
          "identifier": "CVE-2020-17453",
          "identifiers": [
            "CVE-2020-17453"
          ],
          "not_impacted": "All versions after 5.10.0",
          "package_slug": "maven/org.wso2.identity/identity-server-parent",
          "pubdate": "2021-04-05",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-17453",
            "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132"
          ],
          "uuid": "8f7d7b9d-5aed-41ce-93c1-f4a1648f4acd"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C1156A8D-E315-45CC-A53E-224CF9861371",
                    "versionEndIncluding": "3.2.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "ADEAF56C-4583-40A6-826F-01AC86191AD7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04A2A50A-872E-4CC7-BBB7-3E0956176AAC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "839D1F1E-E921-4DA0-951D-E62607BB2B3F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "79CDDE83-4CB6-4DA3-8E96-FCDA4F5C1E93",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "16E39585-2B28-4631-A62F-27F17DC9AB4A",
                    "versionEndIncluding": "6.6.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5601E5C8-011F-4FF3-A327-3B2D637EAC79",
                    "versionEndIncluding": "5.10.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C32F5725-22BA-417A-B2A6-F120CA377E39",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B388C2B1-89EF-4D16-AD6A-675BDC6E3854",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "42BFE7A0-A168-4C1E-8725-41DD500C837E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5508EC5E-BEEA-49A7-BA2E-AEF40ECCB5C8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E4F0F121-700C-4D30-BAFC-960DCC56F08B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2E5761F7-C287-4EC4-A899-C54FB4E80A35",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3B184BFC-8E1A-4971-B6D2-C594742AB8CE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EA51AC1B-0BF6-44F6-B034-CAD4F623DD76",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6BB34405-A2F1-461A-B51B-E103BB3680A1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:wso2:micro_integrator:1.0.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A690D484-8402-4D45-833D-373D1713FA49",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter."
          },
          {
            "lang": "es",
            "value": "WSO2 Management Console versiones hasta 5.10, permite un ataque de tipo XSS por medio del par\u00e1metro msgId en el archivo carbon/admin/login.jsp"
          }
        ],
        "id": "CVE-2020-17453",
        "lastModified": "2024-01-11T03:15:08.600",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 2.7,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-04-05T22:15:12.633",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://github.com/JHHAX/CVE-2020-17453-PoC"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Third Party Advisory"
            ],
            "url": "https://twitter.com/JacksonHHax/status/1374681422678519813"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-79"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

fkie_cve-2020-17453

Vulnerability from fkie_nvd

Published

2021-04-05 22:15

Modified

2024-11-21 05:08

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

References

URL	Tags
cve@mitre.org	https://github.com/JHHAX/CVE-2020-17453-PoC	Exploit, Third Party Advisory
cve@mitre.org	https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/
cve@mitre.org	https://twitter.com/JacksonHHax/status/1374681422678519813	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/JHHAX/CVE-2020-17453-PoC	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/
af854a3a-2127-422b-91ae-364da2661108	https://twitter.com/JacksonHHax/status/1374681422678519813	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
wso2	api_manager	*
wso2	api_manager_analytics	2.2.0
wso2	api_manager_analytics	2.5.0
wso2	api_manager_analytics	2.6.0
wso2	api_microgateway	2.2.0
wso2	enterprise_integrator	*
wso2	identity_server	*
wso2	identity_server_analytics	5.4.0
wso2	identity_server_analytics	5.4.1
wso2	identity_server_analytics	5.5.0
wso2	identity_server_analytics	5.6.0
wso2	identity_server_as_key_manager	5.5.0
wso2	identity_server_as_key_manager	5.6.0
wso2	identity_server_as_key_manager	5.7.0
wso2	identity_server_as_key_manager	5.9.0
wso2	identity_server_as_key_manager	5.10.0
wso2	micro_integrator	1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1156A8D-E315-45CC-A53E-224CF9861371",
              "versionEndIncluding": "3.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADEAF56C-4583-40A6-826F-01AC86191AD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A2A50A-872E-4CC7-BBB7-3E0956176AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "839D1F1E-E921-4DA0-951D-E62607BB2B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "79CDDE83-4CB6-4DA3-8E96-FCDA4F5C1E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16E39585-2B28-4631-A62F-27F17DC9AB4A",
              "versionEndIncluding": "6.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5601E5C8-011F-4FF3-A327-3B2D637EAC79",
              "versionEndIncluding": "5.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C32F5725-22BA-417A-B2A6-F120CA377E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B388C2B1-89EF-4D16-AD6A-675BDC6E3854",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42BFE7A0-A168-4C1E-8725-41DD500C837E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5508EC5E-BEEA-49A7-BA2E-AEF40ECCB5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F0F121-700C-4D30-BAFC-960DCC56F08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5761F7-C287-4EC4-A899-C54FB4E80A35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B184BFC-8E1A-4971-B6D2-C594742AB8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA51AC1B-0BF6-44F6-B034-CAD4F623DD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB34405-A2F1-461A-B51B-E103BB3680A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:micro_integrator:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A690D484-8402-4D45-833D-373D1713FA49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter."
    },
    {
      "lang": "es",
      "value": "WSO2 Management Console versiones hasta 5.10, permite un ataque de tipo XSS por medio del par\u00e1metro msgId en el archivo carbon/admin/login.jsp"
    }
  ],
  "id": "CVE-2020-17453",
  "lastModified": "2024-11-21T05:08:08.883",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-05T22:15:12.633",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/JHHAX/CVE-2020-17453-PoC"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/JacksonHHax/status/1374681422678519813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/JHHAX/CVE-2020-17453-PoC"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/JacksonHHax/status/1374681422678519813"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-5q6x-p849-7jj8

Vulnerability from github

Published

2022-05-24 17:46

Modified

2024-01-11 03:30

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-17453"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-05T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.",
  "id": "GHSA-5q6x-p849-7jj8",
  "modified": "2024-01-11T03:30:28Z",
  "published": "2022-05-24T17:46:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17453"
    },
    {
      "type": "WEB",
      "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/JHHAX/CVE-2020-17453-PoC"
    },
    {
      "type": "WEB",
      "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1132"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/JacksonHHax/status/1374681422678519813"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-17453 (GCVE-0-2020-17453)

Vulnerability from cvelistv5

var-202104-0059

Vulnerability from variot

gsd-2020-17453

Vulnerability from gsd

fkie_cve-2020-17453

Vulnerability from fkie_nvd

ghsa-5q6x-p849-7jj8

Vulnerability from github

Tags

Sightings

Nomenclature