CVE-2023-6838

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-6838

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6838.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6838

Published

2023-12-15T10:15:10Z

Modified

2026-04-10T05:07:42.608388Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1233/

Affected packages

Git / github.com/wso2/product-apim

Affected ranges

Type

GIT

Repo

https://github.com/wso2/product-apim

Events

Introduced

Last affected

2971de274564b622974de831403e9688a4a76c14

Introduced

Last affected

e4956e9301b1c26eb06e80ec5c86628154b6ab55

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.0"
        }
    ]
}

Affected versions

test-tag-1.*

test-tag-1.9.0-Alpha

v1.*

v1.9.0

v1.9.0-Alpha

v1.9.0-Beta

v1.9.0-Beta-2

v1.9.0-Beta-3

v1.9.0-M2

v2.*

v2.0.0-ALPHA

v2.0.0-M4

v2.1.0-alpha

v2.1.0-update1

v2.1.0-update10

v2.1.0-update11

v2.1.0-update12

v2.1.0-update13

v2.1.0-update14

v2.1.0-update2

v2.1.0-update3

v2.1.0-update5

v2.1.0-update7

v2.1.0-update8

v2.1.0-update9

v2.2.0

v2.2.0-update1

v2.2.0-update2

v2.2.0-update3

v2.2.0-update4

v2.2.0-update5

v2.2.0-update6

v2.2.0-update7

v2.5.0

v2.5.0-Alpha

v2.5.0-Beta

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.6.0

v2.6.0-alpha

v2.6.0-alpha2

v2.6.0-beta

v2.6.0-beta2

v2.6.0-m1

v2.6.0-m2

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

v3.*

v3.0.0

v3.0.0-alpha

v3.0.0-alpha2

v3.0.0-beta

v3.0.0-m32

v3.0.0-m33

v3.0.0-m34

v3.0.0-m35

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.1.0

v3.1.0-alpha

v3.1.0-beta

v3.1.0-m1

v3.1.0-m2

v3.1.0-m3

v3.1.0-m4

v3.1.0-m5

v3.1.0-rc1

v3.1.0-rc2

v3.1.0-rc3

v3.2.0

v3.2.0-alpha

v3.2.0-beta

v3.2.0-m1

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.2.0-rc4

v3.2.0-rc5

v3.2.0-rc6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6838.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.10.0"
            }
        ]
    }
]