GHSA-2vcm-2mcr-wmx7

Source

https://github.com/advisories/GHSA-2vcm-2mcr-wmx7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2vcm-2mcr-wmx7/GHSA-2vcm-2mcr-wmx7.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2vcm-2mcr-wmx7

Aliases

CVE-2016-4316

Published

2022-05-14T02:46:18Z

Modified

2025-04-22T02:27:08.898123Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

WSO2 Carbon vulnerable to Cross-site Scripting

Details

Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp.

Database specific

{
    "nvd_published_at": "2017-02-17T02:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-22T01:06:15Z"
}

References

Affected packages

Maven / org.wso2.carbon.commons:org.wso2.carbon.ndatasource.ui

Package

Name: org.wso2.carbon.commons:org.wso2.carbon.ndatasource.ui; View open source insights on deps.dev
Purl: pkg:maven/org.wso2.carbon.commons/org.wso2.carbon.ndatasource.ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.4.5

Affected versions

4.*

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

Maven / org.wso2.carbon.identity.framework:org.wso2.carbon.identity.mgt.ui

Package

Name: org.wso2.carbon.identity.framework:org.wso2.carbon.identity.mgt.ui; View open source insights on deps.dev
Purl: pkg:maven/org.wso2.carbon.identity.framework/org.wso2.carbon.identity.mgt.ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.4.5

Maven / org.wso2.carbon.commons:org.wso2.carbon.messageflows.ui

Package

Name: org.wso2.carbon.commons:org.wso2.carbon.messageflows.ui; View open source insights on deps.dev
Purl: pkg:maven/org.wso2.carbon.commons/org.wso2.carbon.messageflows.ui

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.4.5

Affected versions

4.*

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.3.6

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5