GHSA-j34r-57xj-pfm5

Suggest an improvement
Source
https://github.com/advisories/GHSA-j34r-57xj-pfm5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-j34r-57xj-pfm5/GHSA-j34r-57xj-pfm5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j34r-57xj-pfm5
Aliases
Published
2022-12-15T21:30:26Z
Modified
2023-11-08T04:10:50.759935Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
WSO2 carbon-registry Cross-site Scripting vulnerability
Details

A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the file components/registry/org.wso2.carbon.registry.search.ui/src/main/resources/web/search/advancedSearchForm-ajaxprocessor.jsp of the component Advanced Search. The manipulation of the argument mediaType/rightOp/leftOp/rightPropertyValue/leftPropertyValue leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.8.12 can address this issue. The name of the patch is 0c827cc1b14b82d8eb86117ab2e43c34bb91ddb4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215900.

References

Affected packages

Maven / org.wso2.carbon.registry:carbon-registry

Package

Name
org.wso2.carbon.registry:carbon-registry
View open source insights on deps.dev
Purl
pkg:maven/org.wso2.carbon.registry/carbon-registry

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.8.12

Affected versions

4.*

4.6.11
4.6.12
4.6.13
4.6.14
4.6.15
4.6.16
4.6.17
4.6.18
4.6.19
4.6.20
4.6.21
4.6.22
4.6.23
4.6.24
4.6.25
4.6.26
4.6.27
4.6.28
4.6.29
4.6.30
4.6.31
4.6.32
4.6.33
4.6.34
4.6.35
4.6.36
4.6.37
4.6.38
4.6.39
4.6.40
4.6.41
4.6.42
4.7.13
4.7.14
4.7.15
4.7.16
4.7.17
4.7.25
4.7.26
4.7.27
4.7.28
4.7.31
4.7.32
4.7.33
4.7.34
4.7.35
4.7.36
4.7.37
4.7.38
4.7.39
4.7.40
4.7.41
4.7.42
4.7.43
4.7.44
4.7.45
4.7.46
4.7.47
4.7.48
4.7.49
4.7.50
4.8.0
4.8.1
4.8.2
4.8.7
4.8.8
4.8.9
4.8.10
4.8.11