Security Advisory WSO2-2017-0197
Published: September 04, 2017
CVSS Score: 2.4 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)
- WSO2 Business Rules Server 2.2.0
- WSO2 Dashboard Server 2.0.0
A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console.
By leveraging an XSS attack, an attacker can redirect the victim's browser to a malicious website, alter the UI of the web page, retrieve information from the browser, or cause other harm.
However, since all session-related sensitive cookies are set with the HttpOnly flag and are therefore protected from script access, session hijacking or similar attacks would not be possible.
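The HttpOnly protection described above is worth verifying on your own deployment. The following audit is an added example, not code from WSO2 or from the advisory: it parses Set-Cookie header values and flags session cookies that lack HttpOnly or Secure. The sample headers are constructed; the cookie name JSESSIONID (the Java servlet default) and the /carbon path are assumptions about the Management Console, not facts taken from the advisory.

```python
from typing import Dict, List

# Cookie names treated as session-bearing. JSESSIONID is the Java servlet
# default session cookie; treating it as the console's session cookie is an
# assumption for this example, not something the advisory states.
SESSION_COOKIE_NAMES = {"JSESSIONID"}


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Parse one Set-Cookie header value into name, value and attributes.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to
    True, valued attributes (Path, Domain, Max-Age) map to their value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_session_cookies(headers: List[str]) -> List[str]:
    """Return one finding per missing flag on each session cookie.

    An empty list means every session cookie carries both HttpOnly (not
    readable by injected script) and Secure (never sent over plain HTTP).
    """
    findings: List[str] = []
    for header in headers:
        cookie = parse_set_cookie(header)
        if cookie["name"] not in SESSION_COOKIE_NAMES:
            continue  # non-session cookies are out of scope for this check
        if "httponly" not in cookie["attrs"]:
            findings.append(f"{cookie['name']}: missing HttpOnly")
        if "secure" not in cookie["attrs"]:
            findings.append(f"{cookie['name']}: missing Secure")
    return findings


# Constructed sample Set-Cookie values, not captured from a real server.
HARDENED = ["JSESSIONID=abc123; Path=/carbon; Secure; HttpOnly", "theme=dark; Path=/"]
WEAK = ["JSESSIONID=abc123; Path=/carbon"]

if __name__ == "__main__":
    for label, hdrs in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_session_cookies(hdrs) or ["ok"])
```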
Apply the patch listed below for your product by following the instructions in the README file. Patches can also be downloaded from Security Patch Releases. If you have any questions, post them to firstname.lastname@example.org.
| Product code | Product | Patch |
|---|---|---|
| BRS | WSO2 Business Rules Server 2.2.0 | WSO2-CARBON-PATCH-4.4.0-1174 |
| DS | WSO2 Dashboard Server 2.0.0 | WSO2-CARBON-PATCH-4.4.0-1174 |
If you are using a newer version of a product than the ones listed in the "SOLUTION" section, this vulnerability is already fixed in that version.